diff --git a/common/_containers/affine.nix b/common/_containers/affine.nix new file mode 100644 index 0000000..fbaf424 --- /dev/null +++ b/common/_containers/affine.nix @@ -0,0 +1,135 @@ +{ + config, + pkgs, + ... +}: +let + cfg = config.services.affine; +in +{ + options.services.affine = + let + lib = pkgs.lib; + in + { + port = lib.mkOption { + type = lib.types.port; + default = 3010; + description = "Port number for the AFFiNE service"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/affine"; + description = "Directory to store AFFiNE data"; + }; + }; + + config = { + systemd.services.create-affine-network = { + description = "Create Docker network for LibreChat"; + serviceConfig.Type = "oneshot"; + wantedBy = [ "multi-user.target" ]; + script = '' + if ! ${pkgs.docker}/bin/docker network inspect affine-network >/dev/null 2>&1; then + ${pkgs.docker}/bin/docker network create affine-network + fi + ''; + }; + + virtualisation.oci-containers.containers = { + ############# + # AFFiNE # + ############# + # NOTE settings live in `/var/lib/affine` manually right now + # Note to remove limits from user need to mark user as subscriber in the database manually + # docker exec it affine_postgres psql -U affine + # select id, feature, configs from features; + # select * from users; + # select * from user_features; + # feature_id = YOUR FEATURE ID YOU WANT TO ASSIGN (get it from 'List possible feature id's') + # user_id = YOUR USER ID YOU WANT TO CHANGE (get it from 'List users with id's') + # update user_features set feature_id = 35 where user_id = 'xxxxxx-xxxx-xxxxxxx-xxxx-xxxxxxxxxxxx'; + affine = { + user = "root"; + image = "ghcr.io/toeverything/affine-graphql:stable"; + ports = [ + "${toString cfg.port}:${toString cfg.port}" + ]; + dependsOn = [ + "affine_redis" + "affine_postgres" + "affine_migration" + ]; + environment = { + REDIS_SERVER_HOST = "affine_redis"; + DATABASE_URL = "postgresql://affine:password@affine_postgres:5432/affine"; + }; + volumes = [ + "${cfg.dataDir}/storage:/root/.affine/storage" + "${cfg.dataDir}/config:/root/.affine/config" + ]; + extraOptions = [ + "--network=affine-network" + ]; + }; + + affine_migration = { + user = "root"; + image = "ghcr.io/toeverything/affine-graphql:stable"; + dependsOn = [ + "affine_redis" + "affine_postgres" + ]; + volumes = [ + "${cfg.dataDir}/storage:/root/.affine/storage" + "${cfg.dataDir}/config:/root/.affine/config" + ]; + environment = { + REDIS_SERVER_HOST = "affine_redis"; + DATABASE_URL = "postgresql://affine:password@affine_postgres:5432/affine"; + }; + cmd = [ + "sh" + "-c" + "node ./scripts/self-host-predeploy.js" + ]; + extraOptions = [ "--network=affine-network" ]; + }; + + affine_redis = { + user = "root"; + image = "redis"; + extraOptions = [ + "--network=affine-network" + "--health-cmd=\"CMD-SHELL redis-cli ping\"" + "--health-interval=30s" + "--health-timeout=10s" + "--health-retries=3" + "--health-start-period=30s" + ]; + }; + + affine_postgres = { + user = "root"; + image = "postgres:16"; + environment = { + POSTGRES_USER = "affine"; + POSTGRES_PASSWORD = "password"; + POSTGRES_DB = "affine"; + POSTGRES_INITDB_ARGS = "--data-checksums"; + }; + volumes = [ + "${cfg.dataDir}/postgres:/var/lib/postgresql/data" + ]; + extraOptions = [ + "--network=affine-network" + "--health-cmd=\"CMD-SHELL pg_isready -U affine\"" + "--health-interval=10s" + "--health-timeout=5s" + "--health-retries=5" + "--health-start-period=30s" + ]; + }; + }; + }; +} diff --git a/common/_containers/inventory.nix b/common/_containers/inventory.nix new file mode 100644 index 0000000..6169ab9 --- /dev/null +++ b/common/_containers/inventory.nix @@ -0,0 +1,166 @@ +{ + config, + lib, + ... +}: + +let + name = "inventory"; + app = "pg-${name}"; + + hostDataDir = "/var/lib/${name}"; + + localAddress = "192.168.100.110"; + pg_port = 54433; + pg_dataDir = "/var/lib/postgres"; + # pgadmin_port = 5050; + # pgadmin_dataDir = "/var/lib/pgadmin"; + + binds = [ + { + host = "${hostDataDir}/postgres"; + container = pg_dataDir; + user = "postgres"; + uid = config.ids.uids.postgres; + } + # { + # host = "${hostDataDir}/pgadmin"; + # container = pgadmin_dataDir; + # user = "pgadmin"; + # uid = 1020; + # } + ]; +in +{ + + users = lib.foldl ( + acc: bind: + { + users.${bind.user} = { + isSystemUser = true; + home = bind.host; + createHome = true; + uid = bind.uid; + group = bind.user; + }; + groups.${bind.user}.gid = bind.uid; + } + // acc + ) { } binds; + + containers.${app} = { + ephemeral = true; + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.2"; + localAddress = localAddress; + bindMounts = lib.foldl ( + acc: bind: + { + "${bind.container}" = { + hostPath = bind.host; + isReadOnly = false; + }; + } + // acc + ) { } binds; + config = + { config, pkgs, ... }: + { + system.stateVersion = "24.11"; + + users = lib.foldl ( + acc: bind: + { + users.${bind.user} = { + isSystemUser = true; + home = bind.container; + uid = bind.uid; + group = bind.user; + }; + groups.${bind.user}.gid = bind.uid; + } + // acc + ) { } binds; + + services.postgresql = { + enable = true; + package = pkgs.postgresql_17.withJIT; + enableJIT = true; + extensions = with pkgs.postgresql17Packages; [ + # NOTE add extensions here + pgvector + postgis + ]; + settings.port = pg_port; + enableTCPIP = true; + authentication = '' + local all all trust + host all all 127.0.0.1/8 trust + host all all ::1/128 trust + host all all 192.168.100.0/24 trust + ''; + identMap = '' + # ArbitraryMapName systemUser dbUser + superuser_map root ${name} + + # Let other names login as themselves + superuser_map /^(.*)$ \1 + ''; + ensureDatabases = [ name ]; + ensureUsers = [ + { + name = name; + ensureDBOwnership = true; + ensureClauses = { + login = true; + superuser = true; + }; + } + ]; + dataDir = + (lib.findFirst (bind: bind.user == "postgres") (throw "No postgres bind found") binds).container; + }; + + # services.pgadmin = { + # enable = true; + # port = pgadmin_port; + # openFirewall = true; + # initialEmail = "admin@test.com"; + # initialPasswordFile = (builtins.toFile "password" "password"); + # }; + + # TODO set this up, had issues since it shares users with postgres service and my bind mounts relys on createhome in that exact directory. + # services.postgresqlBackup = { + # enable = true; + # compression = "gzip"; + # compressionLevel = 9; + # databases = [ cfg.database ]; + # location = "${cfg.dataDir}/backup"; + # startAt = "02:30"; # Adjust the backup time as needed + # }; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ pg_port ]; + }; + + # Health check to ensure database is ready + systemd.services.postgresql-healthcheck = { + description = "PostgreSQL Health Check"; + after = [ "postgresql.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = '' + ${pkgs.postgresql_17}/bin/pg_isready \ + -U ${name} \ + -d ${name} \ + -h localhost \ + -p ${toString pg_port} + ''; + }; + }; + }; + }; +} diff --git a/common/_containers/librechat.nix b/common/_containers/librechat.nix new file mode 100644 index 0000000..529ee08 --- /dev/null +++ b/common/_containers/librechat.nix @@ -0,0 +1,148 @@ +{ + config, + pkgs, + ... +}: +let + cfg = config.services.librechat; +in +{ + options.services.librechat = + let + lib = pkgs.lib; + in + { + port = lib.mkOption { + type = lib.types.port; + default = 3080; + description = "Port number for the LibreChat"; + }; + ragPort = lib.mkOption { + type = lib.types.port; + default = 8000; + description = "Port number for the RAG API service"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/librechat"; + description = "Directory to store LibreChat data"; + }; + }; + + config = { + systemd.services.create-librechat-network = { + description = "Create Docker network for LibreChat"; + serviceConfig.Type = "oneshot"; + wantedBy = [ "multi-user.target" ]; + script = '' + if ! ${pkgs.docker}/bin/docker network inspect librechat-network >/dev/null 2>&1; then + ${pkgs.docker}/bin/docker network create librechat-network + fi + ''; + }; + + virtualisation.oci-containers.containers = { + ############# + # librechat # + ############# + # NOTE settings live in `/var/lib/librechat` manually right now + librechat = { + user = "root"; + image = "ghcr.io/danny-avila/librechat-dev:latest"; + ports = [ + "${toString cfg.port}:${toString cfg.port}" + ]; + dependsOn = [ + "librechat_mongodb" + "librechat_rag_api" + ]; + environment = { + HOST = "0.0.0.0"; + MONGO_URI = "mongodb://librechat_mongodb:27017/LibreChat"; + SEARCH = "true"; + MEILI_HOST = "http://librechat_meilisearch:7700"; + RAG_PORT = toString cfg.ragPort; + RAG_API_URL = "http://librechat_rag_api:${toString cfg.ragPort}"; + # DEBUG_CONSOLE = "true"; + # DEBUG_LOGGING = "true"; + }; + environmentFiles = [ "${cfg.dataDir}/.env" ]; + volumes = [ + "${cfg.dataDir}/.env:/app/.env" + "${cfg.dataDir}/librechat.yaml:/app/librechat.yaml" + "${cfg.dataDir}/images:/app/client/public/images" + "${cfg.dataDir}/logs:/app/api/logs" + ]; + extraOptions = [ + "--network=librechat-network" + "--add-host=azureproxy:100.64.0.8" + ]; + }; + + librechat_mongodb = { + user = "root"; + image = "mongo"; + volumes = [ + "${cfg.dataDir}/data-node:/data/db" + ]; + cmd = [ + "mongod" + "--noauth" + ]; + extraOptions = [ "--network=librechat-network" ]; + }; + + librechat_meilisearch = { + user = "root"; + image = "getmeili/meilisearch:v1.13"; + environment = { + MEILI_HOST = "http://librechat_meilisearch:7700"; + MEILI_NO_ANALYTICS = "true"; + }; + volumes = [ + "${cfg.dataDir}/meili_data_v1.13:/meili_data" + ]; + extraOptions = [ "--network=librechat-network" ]; + }; + + librechat_vectordb = { + user = "root"; + image = "ankane/pgvector:latest"; + environment = { + POSTGRES_DB = "mydatabase"; + POSTGRES_USER = "myuser"; + POSTGRES_PASSWORD = "mypassword"; + }; + volumes = [ + "${cfg.dataDir}/pgdata2:/var/lib/postgresql/data" + ]; + extraOptions = [ "--network=librechat-network" ]; + }; + + librechat_rag_api = { + user = "root"; + image = "ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest"; + environment = { + DB_HOST = "librechat_vectordb"; + RAG_PORT = toString cfg.ragPort; + OPENAI_API_KEY = "not_using_openai"; + }; + dependsOn = [ "librechat_vectordb" ]; + environmentFiles = [ "${cfg.dataDir}/.env" ]; + extraOptions = [ "--network=librechat-network" ]; + }; + + # TODO revisit local whisper, for now I am using groq free for STT + # librechat_whisper = { + # user = "root"; + # image = "onerahmet/openai-whisper-asr-webservice:latest"; + # # ports = [ "8080:8080" ]; + # environment = { + # ASR_MODEL = "base"; # You can change to small, medium, large, etc. + # ASR_ENGINE = "openai_whisper"; + # }; + # extraOptions = [ "--network=librechat-network" ]; + # }; + }; + }; +} diff --git a/common/_containers/mathesar.nix b/common/_containers/mathesar.nix new file mode 100644 index 0000000..ae1bec4 --- /dev/null +++ b/common/_containers/mathesar.nix @@ -0,0 +1,159 @@ +{ + config, + pkgs, + ... +}: +let + cfg = config.services.mathesar; +in +{ + options.services.mathesar = + let + lib = pkgs.lib; + in + { + port = lib.mkOption { + type = lib.types.port; + default = 3081; + description = "Port number for the Mathesar"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/mathesar"; + description = "Directory to store Mathesar data"; + }; + secretKey = lib.mkOption { + type = lib.types.str; + # echo $(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 50) + # https://docs.djangoproject.com/en/4.2/ref/settings/#secret-key + description = "Secret key for Django security features"; + }; + domainName = lib.mkOption { + type = lib.types.str; + default = "http://10.20.40.104"; + description = "Custom domain(s) for accessing Mathesar"; + }; + postgresDb = lib.mkOption { + type = lib.types.str; + default = "mathesar_django"; + description = "Database name for Mathesar"; + }; + postgresUser = lib.mkOption { + type = lib.types.str; + default = "mathesar"; + description = "Database user for Mathesar"; + }; + postgresPassword = lib.mkOption { + type = lib.types.str; + default = "mathesar"; + description = "Database password for Mathesar"; + }; + postgresHost = lib.mkOption { + type = lib.types.str; + default = "mathesar_db"; + description = "Host running the PostgreSQL database"; + }; + postgresPort = lib.mkOption { + type = lib.types.port; + default = 3082; + description = "Port on which PostgreSQL is running"; + }; + allowedHosts = lib.mkOption { + type = lib.types.str; + default = "*"; + description = "Allowed hosts for Mathesar web service. "; + }; + }; + + config = { + systemd.services.create-mathesar-network = { + description = "Create Docker network for Mathesar"; + serviceConfig.Type = "oneshot"; + wantedBy = [ "multi-user.target" ]; + script = '' + if ! ${pkgs.docker}/bin/docker network inspect mathesar_network >/dev/null 2>&1; then + ${pkgs.docker}/bin/docker network create mathesar_network + fi + ''; + }; + + virtualisation.oci-containers.containers = { + ################ + # mathesar_service + ################ + mathesar_service = { + user = "root"; + image = "mathesar/mathesar:latest"; + dependsOn = [ "mathesar_db" ]; + environment = { + SECRET_KEY = cfg.secretKey; + DOMAIN_NAME = cfg.domainName; + POSTGRES_DB = cfg.postgresDb; + POSTGRES_USER = cfg.postgresUser; + POSTGRES_PASSWORD = cfg.postgresPassword; + POSTGRES_HOST = cfg.postgresHost; + POSTGRES_PORT = (toString cfg.postgresPort); + DJANGO_SETTINGS_MODULE = "config.settings.production"; + # Allowed hosts is * to allow all traffic on service. + # The caddy proxy handles the rest. + ALLOWED_HOSTS = "*"; + }; + volumes = [ + "${cfg.dataDir}/static:/code/static" + "${cfg.dataDir}/media:/code/media" + ]; + extraOptions = [ + "--network=mathesar_network" + "--expose=8000" + ]; + }; + + ################ + # mathesar_db (PostgreSQL Database) + ################ + mathesar_db = { + user = "root"; + image = "postgres:13"; + environment = { + POSTGRES_DB = cfg.postgresDb; + POSTGRES_USER = cfg.postgresUser; + POSTGRES_PASSWORD = cfg.postgresPassword; + PGPORT = toString cfg.postgresPort; + }; + volumes = [ + "${cfg.dataDir}/pgdata:/var/lib/postgresql/data" + ]; + extraOptions = [ + "--network=mathesar_network" + "--expose=${toString cfg.postgresPort}" + ]; + }; + + ############## + # caddy-reverse-proxy + ############## + caddy_reverse_proxy = { + user = "root"; + image = "mathesar/mathesar-caddy:latest"; + ports = [ + "10.20.40.104:${toString cfg.port}:80" + ]; + environment = { + SECRET_KEY = cfg.secretKey; + DOMAIN_NAME = cfg.domainName; + POSTGRES_DB = cfg.postgresDb; + POSTGRES_USER = cfg.postgresUser; + POSTGRES_PASSWORD = cfg.postgresPassword; + POSTGRES_HOST = cfg.postgresHost; + POSTGRES_PORT = toString cfg.postgresPort; + }; + volumes = [ + "${cfg.dataDir}/media:/code/media" + "${cfg.dataDir}/static:/code/static" + "${cfg.dataDir}/caddy:/data" + ]; + extraOptions = [ "--network=mathesar_network" ]; + }; + }; + }; +} diff --git a/common/_containers/pgadmin.nix b/common/_containers/pgadmin.nix new file mode 100644 index 0000000..064bc9e --- /dev/null +++ b/common/_containers/pgadmin.nix @@ -0,0 +1,53 @@ +{ + config, + pkgs, + ... +}: +let + cfg = config.customServices.pgadmin; +in +{ + options.customServices.pgadmin = + let + lib = pkgs.lib; + in + { + port = lib.mkOption { + type = lib.types.port; + default = 3085; + description = "Port number for the PGAdmin interface"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/pgadmin"; + description = "Directory to store PGAdmin data"; + }; + }; + + config = { + virtualisation.oci-containers.containers = { + ############# + # pgadmin # + ############# + # NOTE settings live in `/var/lib/librechat` manually right now + pgadmin = { + user = "root"; + image = "dpage/pgadmin4:latest"; + ports = [ + "${toString cfg.port}:${toString cfg.port}" + ]; + environment = { + PGADMIN_LISTEN_PORT = toString cfg.port; + PGADMIN_DEFAULT_EMAIL = "admin@db.joshuabell.xyz"; + PGADMIN_DEFAULT_PASSWORD = "password"; + }; + volumes = [ + "${cfg.dataDir}:/var/lib/pgadmin" + ]; + extraOptions = [ + "--network=host" + ]; + }; + }; + }; +} diff --git a/common/_containers/tests.nix b/common/_containers/tests.nix new file mode 100644 index 0000000..b4c6659 --- /dev/null +++ b/common/_containers/tests.nix @@ -0,0 +1,39 @@ +{ + ... +}: +{ + options = { }; + + config = { + # Random test, visit http://192.168.100.11/ + containers.wasabi = { + ephemeral = true; + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.2"; + localAddress = "192.168.100.11"; + config = + { config, pkgs, ... }: + { + system.stateVersion = "24.11"; + services.httpd.enable = true; + services.httpd.adminAddr = "foo@example.org"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 ]; + }; + }; + }; + + virtualisation.oci-containers.containers = { + # Example of defining a container, visit http://localhost:8085/ + "nginx_simple" = { + # autoStart = true; this is default true + image = "nginx:latest"; + ports = [ + "127.0.0.1:8085:80" + ]; + }; + }; + }; +} diff --git a/common/home_manager/default.nix b/common/_home_manager/default.nix similarity index 89% rename from common/home_manager/default.nix rename to common/_home_manager/default.nix index aa2abaa..2c96bf6 100644 --- a/common/home_manager/default.nix +++ b/common/_home_manager/default.nix @@ -33,12 +33,6 @@ in home-manager.useGlobalPkgs = true; home-manager.backupFileExtension = "bak"; - home-manager.sharedModules = [ - ./programs/tmux/tmux.nix - ./programs/alacritty.nix - ./programs/atuin.nix - ]; - home-manager.users = lib.mapAttrs' (name: userConfig: { inherit name; value = userConfig // { diff --git a/components/hm/alacritty.nix b/common/_home_manager/mods/alacritty.nix similarity index 100% rename from components/hm/alacritty.nix rename to common/_home_manager/mods/alacritty.nix diff --git a/components/hm/atuin.nix b/common/_home_manager/mods/atuin.nix similarity index 100% rename from components/hm/atuin.nix rename to common/_home_manager/mods/atuin.nix diff --git a/common/home_manager/programs/direnv.nix b/common/_home_manager/mods/direnv.nix similarity index 100% rename from common/home_manager/programs/direnv.nix rename to common/_home_manager/mods/direnv.nix diff --git a/common/home_manager/programs/git.nix b/common/_home_manager/mods/git.nix similarity index 100% rename from common/home_manager/programs/git.nix rename to common/_home_manager/mods/git.nix diff --git a/common/home_manager/programs/kitty.nix b/common/_home_manager/mods/kitty.nix similarity index 100% rename from common/home_manager/programs/kitty.nix rename to common/_home_manager/mods/kitty.nix diff --git a/common/home_manager/programs/launcher_rofi.nix b/common/_home_manager/mods/launcher_rofi.nix similarity index 100% rename from common/home_manager/programs/launcher_rofi.nix rename to common/_home_manager/mods/launcher_rofi.nix diff --git a/common/home_manager/programs/nix_deprecations.nix b/common/_home_manager/mods/nix_deprecations.nix similarity index 100% rename from common/home_manager/programs/nix_deprecations.nix rename to common/_home_manager/mods/nix_deprecations.nix diff --git a/common/home_manager/programs/obs.nix b/common/_home_manager/mods/obs.nix similarity index 100% rename from common/home_manager/programs/obs.nix rename to common/_home_manager/mods/obs.nix diff --git a/common/home_manager/programs/postgres.nix b/common/_home_manager/mods/postgres.nix similarity index 100% rename from common/home_manager/programs/postgres.nix rename to common/_home_manager/mods/postgres.nix diff --git a/common/home_manager/programs/slicer.nix b/common/_home_manager/mods/slicer.nix similarity index 100% rename from common/home_manager/programs/slicer.nix rename to common/_home_manager/mods/slicer.nix diff --git a/common/home_manager/programs/ssh.nix b/common/_home_manager/mods/ssh.nix similarity index 100% rename from common/home_manager/programs/ssh.nix rename to common/_home_manager/mods/ssh.nix diff --git a/common/home_manager/programs/starship.nix b/common/_home_manager/mods/starship.nix similarity index 100% rename from common/home_manager/programs/starship.nix rename to common/_home_manager/mods/starship.nix diff --git a/common/home_manager/programs/tmux/tmux-reset.conf b/common/_home_manager/mods/tmux/tmux-reset.conf similarity index 100% rename from common/home_manager/programs/tmux/tmux-reset.conf rename to common/_home_manager/mods/tmux/tmux-reset.conf diff --git a/components/hm/tmux/tmux.nix b/common/_home_manager/mods/tmux/tmux.nix similarity index 100% rename from components/hm/tmux/tmux.nix rename to common/_home_manager/mods/tmux/tmux.nix diff --git a/common/home_manager/programs/zoxide.nix b/common/_home_manager/mods/zoxide.nix similarity index 100% rename from common/home_manager/programs/zoxide.nix rename to common/_home_manager/mods/zoxide.nix diff --git a/common/home_manager/programs/zsh.nix b/common/_home_manager/mods/zsh.nix similarity index 100% rename from common/home_manager/programs/zsh.nix rename to common/_home_manager/mods/zsh.nix diff --git a/common/desktop_environment/default.nix b/common/desktop_environment/default.nix new file mode 100644 index 0000000..beba99b --- /dev/null +++ b/common/desktop_environment/default.nix @@ -0,0 +1,30 @@ +{ config, lib, ... }: +let + ccfg = import ../config.nix; + cfg = config.${ccfg.custom_config_key}.desktopEnvironment; +in +{ + imports = [ + ./gnome + ]; + config = { + assertions = [ + ( + let + enabledDEs = lib.filter (x: x.enabled) [ + { + name = "gnome"; + enabled = cfg.gnome.enable; + } + ]; + in + { + assertion = lib.length enabledDEs <= 1; + message = + "Only one desktop environment can be enabled at a time. Enabled: " + + lib.concatStringsSep ", " (map (x: x.name) enabledDEs); + } + ) + ]; + }; +} diff --git a/common/desktop_environment/gnome/black.png b/common/desktop_environment/gnome/black.png new file mode 100644 index 0000000..b87512f Binary files /dev/null and b/common/desktop_environment/gnome/black.png differ diff --git a/common/desktop_environment/gnome/dconf.nix b/common/desktop_environment/gnome/dconf.nix new file mode 100644 index 0000000..dec16ef --- /dev/null +++ b/common/desktop_environment/gnome/dconf.nix @@ -0,0 +1,206 @@ +{ cfg }: +{ + lib, + pkgs, + ... +}: +{ + config = lib.mkIf cfg.enable { + home-manager.sharedModules = [ + ( + { lib, ... }: + with lib.hm.gvariant; + { + # use `dconf dump /` before and after and diff the files for easy editing of dconf below + # dconf dump / > /tmp/dconf_dump_start && watch -n0.5 "dconf dump / > /tmp/dconf_dump_current && \diff --color /tmp/dconf_dump_start /tmp/dconf_dump_current -U12" + # To get nix specific diff: + # \diff -u /tmp/dconf_dump_start /tmp/dconf_dump_current | grep '^+[^+]' | sed 's/^+//' | dconf2nix + # OR (Must be logged into user directly, no SU to user will work): `dconf watch /` + # OR get the exact converted nixConfig from `dconf dump / | dconf2nix | less` and search with forward slash + dconf.settings = { + "org/gnome/shell" = { + favorite-apps = [ ]; + enabled-extensions = with pkgs.gnomeExtensions; [ + vertical-workspaces.extensionUuid + compact-top-bar.extensionUuid + tray-icons-reloaded.extensionUuid + vitals.extensionUuid + ]; + }; + + # Plugin Settings + "org/gnome/shell/extensions/vertical-workspaces" = { + animation-speed-factor = 42; + center-dash-to-ws = false; + dash-bg-color = 0; + dash-position = 2; + dash-position-adjust = 0; + hot-corner-action = 0; + startup-state = 1; + ws-switcher-wraparound = true; + }; + "org/gnome/shell/extensions/compact-top-bar" = { + fade-text-on-fullscreen = true; + }; + "org/gnome/shell/extensions/vitals" = { + position-in-panel = 1; + }; + + # Built in settings + "org/gnome/desktop/session" = { + idle-delay = mkUint32 0; + }; + "org/gnome/desktop/wm/preferences" = { + resize-with-right-button = true; + button-layout = "maximize:appmenu,close"; + audible-bell = false; + wrap-around = true; + }; + "org/gnome/settings-daemon/plugins/media-keys" = { + # Disable the lock screen shortcut + screensaver = [ "" ]; + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "Return"; + command = cfg.terminalCommand; + name = "Launch terminal"; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = { + binding = "Space"; + command = "wofi"; + name = "Launcher"; + }; + "org/gnome/desktop/wm/keybindings" = { + minimize = [ "" ]; + move-to-workspace-1 = [ "" ]; + move-to-workspace-2 = [ "" ]; + move-to-workspace-3 = [ "" ]; + move-to-workspace-4 = [ "" ]; + move-to-workspace-last = [ "" ]; + move-to-workspace-down = [ "j" ]; + move-to-workspace-up = [ "k" ]; + # move-to-workspace-left = [ "h" ]; + # move-to-workspace-right = [ "l" ]; + switch-input-source = [ ]; + switch-input-source-backward = [ ]; + switch-to-workspace-1 = [ "1" ]; + switch-to-workspace-2 = [ "2" ]; + switch-to-workspace-3 = [ "3" ]; + switch-to-workspace-4 = [ "4" ]; + switch-to-workspace-last = [ "" ]; + switch-to-workspace-down = [ "j" ]; + switch-to-workspace-up = [ "k" ]; + # switch-to-workspace-left = [ "k" ]; + # switch-to-workspace-right = [ "j" ]; + # move-to-monitor-down = [ "j" ]; + # move-to-monitor-up = [ "k" ]; + move-to-monitor-left = [ "h" ]; + move-to-monitor-right = [ "l" ]; + unmaximize = [ "j" ]; + maximize = [ "k" ]; + }; + "org/gnome/mutter" = { + dynamic-workspaces = true; + edge-tiling = true; + workspaces-only-on-primary = true; + center-new-windows = true; + }; + "org/gnome/mutter/keybindings" = { + toggle-tiled-right = [ "l" ]; + toggle-tiled-left = [ "h" ]; + }; + "org/gnome/settings-daemon/plugins/power" = { + power-button-action = "nothing"; + sleep-inactive-ac-type = "nothing"; + sleep-inactive-battery-type = "nothing"; + idle-brightness = 15; + power-saver-profile-on-low-battery = false; + }; + "org/gnome/desktop/background" = { + color-shading-type = "solid"; + picture-options = "zoom"; + picture-uri = "file://" + (./black.png); + picture-uri-dark = "file://" + (./black.png); + primary-color = "#000000000000"; + secondary-color = "#000000000000"; + }; + "org/gnome/desktop/screensaver" = { + lock-enabled = false; + idle-activation-enabled = false; + picture-options = "zoom"; + picture-uri = "file://" + (./black.png); + picture-uri-dark = "file://" + (./black.png); + }; + "org/gnome/desktop/applications/terminal" = { + exec = "alacritty"; + }; + "org/gnome/settings-daemon/plugins/color" = { + night-light-enabled = false; + night-light-schedule-automatic = false; + }; + "org/gnome/shell/keybindings" = { + shift-overview-down = [ "" ]; + shift-overview-up = [ "" ]; + switch-to-application-1 = [ "" ]; + switch-to-application-2 = [ "" ]; + switch-to-application-3 = [ "" ]; + switch-to-application-4 = [ "" ]; + switch-to-application-5 = [ "" ]; + switch-to-application-6 = [ "" ]; + switch-to-application-7 = [ "" ]; + switch-to-application-8 = [ "" ]; + switch-to-application-9 = [ "" ]; + toggle-quick-settings = [ "" ]; + toggle-application-view = [ "" ]; + }; + "org/gtk/gtk4/settings/file-chooser" = { + show-hidden = true; + }; + + "org/gnome/desktop/interface" = { + accent-color = "orange"; + show-battery-percentage = true; + clock-show-date = true; + clock-show-seconds = true; + clock-show-weekday = true; + color-scheme = "prefer-dark"; + cursor-size = 24; + enable-animations = true; + enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + gtk-theme = "Adwaita-dark"; + # icon-theme = "Yaru-magenta-dark"; + }; + + "org/gnome/desktop/notifications" = { + application-children = [ "org-gnome-tweaks" ]; + }; + + "org/gnome/desktop/notifications/application/org-gnome-tweaks" = { + application-id = "org.gnome.tweaks.desktop"; + }; + + "org/gnome/desktop/peripherals/mouse" = { + natural-scroll = false; + }; + + "org/gnome/desktop/peripherals/touchpad" = { + disable-while-typing = true; + two-finger-scrolling-enabled = true; + natural-scroll = true; + }; + + "org/gnome/tweaks" = { + show-extensions-notice = false; + }; + }; + } + ) + ]; + }; +} diff --git a/common/desktop_environment/gnome/default.nix b/common/desktop_environment/gnome/default.nix new file mode 100644 index 0000000..a520e49 --- /dev/null +++ b/common/desktop_environment/gnome/default.nix @@ -0,0 +1,84 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "gnome" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +with lib; +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "gnome desktop environment"; + terminalCommand = mkOption { + type = lib.types.str; + default = "kitty"; + description = "The terminal command to use."; + }; + }; + + imports = [ + (import ./dconf.nix { inherit cfg; }) + (import ./wofi.nix { inherit cfg; }) + ]; + + config = lib.mkIf cfg.enable { + services.xserver = { + enable = true; + desktopManager.gnome.enable = true; + displayManager.gdm = { + enable = true; + autoSuspend = false; + wayland = true; + }; + }; + services.gnome.gnome-initial-setup.enable = false; + + environment.gnome.excludePackages = with pkgs; [ + gnome-backgrounds + gnome-video-effects + gnome-maps + gnome-music + gnome-tour + gnome-text-editor + gnome-user-docs + ]; + environment.systemPackages = with pkgs; [ + dconf-editor + dconf2nix + gnome-tweaks + wayland + wayland-utils + xwayland + wl-clipboard + numix-cursor-theme + gnomeExtensions.vertical-workspaces + gnomeExtensions.compact-top-bar + gnomeExtensions.tray-icons-reloaded + gnomeExtensions.vitals + ]; + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + GTK_THEME = "Adwaita:dark"; + }; + + qt = { + enable = true; + platformTheme = "gnome"; + style = "adwaita-dark"; + }; + + hardware.graphics = { + enable = true; + }; + }; +} diff --git a/common/desktop_environment/gnome/wofi.css b/common/desktop_environment/gnome/wofi.css new file mode 100644 index 0000000..976c0ef --- /dev/null +++ b/common/desktop_environment/gnome/wofi.css @@ -0,0 +1,51 @@ +window { + margin: 0px; + border: 1px solid #171717; + background-color: #262626; +} + +#input { + margin: 5px; + border: none; + color: #e0e0e0; + background-color: #1f1f1f; +} + +#inner-box { + margin: 5px; + border: none; + background-color: #171717; +} + +#outer-box { + margin: 5px; + border: none; + background-color: #191919; +} + +#scroll { + margin: 0px; + border: none; +} + +#text { + margin: 5px; + border: none; + color: #e0e0e0; +} + +#entry.activatable #text { + color: #cccccc; +} + +#entry>* { + color: #e0e0e0; +} + +#entry:selected { + background-color: #4f4f4f; +} + +#entry:selected #text { + font-weight: bold; +} diff --git a/common/desktop_environment/gnome/wofi.nix b/common/desktop_environment/gnome/wofi.nix new file mode 100644 index 0000000..d3cd8e2 --- /dev/null +++ b/common/desktop_environment/gnome/wofi.nix @@ -0,0 +1,31 @@ +{ cfg }: +{ lib, ... }: +{ + config = lib.mkIf cfg.enable { + home-manager.sharedModules = [ + ( + { lib, ... }: + { + programs.wofi = { + enable = true; + settings = { + width = "28%"; + height = "38%"; + show = "drun"; + location = "center"; + gtk_dark = true; + valign = "center"; + key_backward = "Ctrl+k"; + key_forward = "Ctrl+j"; + insensitive = true; + prompt = "Run"; + allow_images = true; + }; + style = builtins.readFile ./wofi.css; + }; + } + ) + ]; + + }; +} diff --git a/common/flake.nix b/common/flake.nix index 1dcda32..020ff00 100644 --- a/common/flake.nix +++ b/common/flake.nix @@ -10,6 +10,7 @@ outputs = { home-manager, + ragenix, ... }: { @@ -23,14 +24,44 @@ { imports = [ home-manager.nixosModules.home-manager + ragenix.nixosModules.age + ./_home_manager ./options.nix ./general - ./home_manager ./boot + ./desktop_environment ./users ./programs + ./secrets ]; + config = { + _module.args = { + inherit ragenix; + }; + }; }; + containers = { + librechat = import ./_containers/librechat.nix; + }; + }; + homeManagerModules = { + zsh = import ./_home_manager/mods/zsh.nix; + tmux = import ./_home_manager/mods/tmux/tmux.nix; + atuin = import ./_home_manager/mods/atuin.nix; + zoxide = import ./_home_manager/mods/zoxide.nix; + starship = import ./_home_manager/mods/starship.nix; + direnv = import ./_home_manager/mods/direnv.nix; + ssh = import ./_home_manager/mods/ssh.nix; + git = import ./_home_manager/mods/git.nix; + nix_deprecations = import ./_home_manager/mods/nix_deprecations.nix; + + launcher_rofi = import ./_home_manager/mods/launcher_rofi.nix; + + alacritty = import ./_home_manager/mods/alacritty.nix; + kitty = import ./_home_manager/mods/kitty.nix; + obs = import ./_home_manager/mods/obs.nix; + postgres = import ./_home_manager/mods/postgres.nix; + slicer = import ./_home_manager/mods/slicer.nix; }; }; } diff --git a/common/general/default.nix b/common/general/default.nix index f0d5397..60475af 100644 --- a/common/general/default.nix +++ b/common/general/default.nix @@ -53,10 +53,17 @@ in }; enableSleep = lib.mkEnableOption (lib.mdDoc "Enable auto sleeping"); }; + imports = [ + ./shell/common.nix + ./fonts.nix + ./tty_caps_esc.nix + ]; config = { # name this computer networking = { hostName = top_cfg.systemName; + nftables.enable = true; + firewall.enable = true; }; # Enable flakes @@ -115,6 +122,10 @@ in ) "!include ${config.age.secrets.github_read_token.path}"} ''; + # Enable zsh + programs.zsh.enable = true; + environment.pathsToLink = [ "/share/zsh" ]; + # nix helper programs.nh = { enable = true; diff --git a/common/general/fonts.nix b/common/general/fonts.nix new file mode 100644 index 0000000..04a93d2 --- /dev/null +++ b/common/general/fonts.nix @@ -0,0 +1,22 @@ +{ + pkgs, + ... +}: +let + hasNewJetbrainsMono = + if builtins.hasAttr "nerd-fonts" pkgs then + builtins.hasAttr "jetbrains-mono" pkgs."nerd-fonts" + else + false; + + jetbrainsMonoFont = + if hasNewJetbrainsMono then + pkgs.nerd-fonts.jetbrains-mono + else + (pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; }); +in +{ + config = { + fonts.packages = [ jetbrainsMonoFont ]; + }; +} diff --git a/common/general/shell/common.nix b/common/general/shell/common.nix new file mode 100644 index 0000000..2e08751 --- /dev/null +++ b/common/general/shell/common.nix @@ -0,0 +1,66 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; +{ + config = { + environment.systemPackages = with pkgs; [ + # Basics + vim + nano + wget + curl + fastfetch + bat + htop + unzip + git + fzf + ripgrep + lsof + killall + hdparm + speedtest-cli + ffmpeg-full + appimage-run + ]; + + environment.shellAliases = { + n = "nvim"; + nn = "nvim --headless '+SessionDelete' +qa > /dev/null 2>&1 && nvim"; + bat = "bat --theme Coldark-Dark"; + cat = "bat --pager=never -p"; + # TODO this may not be needed now that I am using `nh` clean mode (see /hosts/_common/configuration.nix#programs.nh) + nix-boot-clean = "find '/boot/loader/entries' -type f ! -name 'windows.conf' | head -n -4 | xargs -I {} rm {}; nix store gc; nixos-rebuild boot; echo; df"; + + # general unix + date_compact = "date +'%Y%m%d'"; + date_short = "date +'%Y-%m-%d'"; + ls = "ls --color -Gah"; + ll = "ls --color -Galh"; + lss = "du --max-depth=0 -h * 2>/dev/null | sort -hr"; + psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep"; + cl = "clear"; + + # git + stash = "git stash"; + pop = "git stash pop"; + branch = "git checkout -b"; + status = "git status"; + diff = "git diff"; + branches = "git branch -a"; + gcam = "git commit -a -m"; + gcm = "git commit -m"; + stashes = "git stash list"; + + # ripgrep + rg = "rg --no-ignore"; + rgf = "rg --files 2>/dev/null | rg"; + }; + + environment.shellInit = builtins.readFile ./common.sh; + }; +} diff --git a/common/general/shell/common.sh b/common/general/shell/common.sh new file mode 100644 index 0000000..4287c4d --- /dev/null +++ b/common/general/shell/common.sh @@ -0,0 +1,176 @@ +# Check if ~/.config/environment exists and source all files within it +if [ -d "$HOME/.config/environment" ]; then + for file in "$HOME/.config/environment/"*; do + if [ -r "$file" ]; then + if ! . "$file"; then + echo "Failed to source $file" + fi + fi + done +fi + +# Basics +htop_psg () { + htop -p $(psg $1 | awk '{r=r s $2;s=","} END{print r}') +} + +htop_pid () { + htop -p $(ps -ef | awk -v proc=$1 '$3 == proc { cnt++;if (cnt == 1) { printf "%s",$2 } else { printf ",%s",$2 } }') +} + +psg_kill() { + ps aux | grep -v "grep" | grep "${1}" | awk '{print $2}' | while read -r pid; do + if [ -n "${pid}" ]; then + echo "killing ${pid}" + kill -9 "${pid}" &> /dev/null + fi + done +} + +psg_terminate() { + ps aux | grep -v "grep" | grep "${1}" | awk '{print $2}' | while read -r pid; do + if [ -n "${pid}" ]; then + echo "Terminating ${pid}" + kill -15 "${pid}" &> /dev/null + fi + done +} + +psg_skill() { + ps aux | grep -v "grep" | grep "${1}" | awk '{print $2}' | while read -r pid; do + if [ -n "${pid}" ]; then + echo "Killing ${pid}" + sudo kill -9 "${pid}" &> /dev/null + fi + done +} + +mail_clear() { + : > /var/mail/$USER +} + +speedtest_fs () { + dir=$(pwd) + drive=$(df -h ${dir} | awk 'NR==2 {print $1}') + echo Testing read speeds on drive ${drive} + sudo hdparm -Tt ${drive} + test_file=$(date +%u%m%d) + test_file="${dir}/speedtest_fs_${test_file}" + echo + echo Testing write speeds into test file: ${test_file} + dd if=/dev/zero of=${test_file} bs=8k count=10k; rm -f ${test_file} +} + +speedtest_internet () { + speedtest-cli +} + +# git +getdefault () { + git remote show origin | grep "HEAD branch" | sed 's/.*: //' +} + +master () { + git stash + git checkout $(getdefault) + pull +} + +mp () { + master + prunel +} + +pullmaster () { + git pull origin $(getdefault) +} + +push () { + B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p') + git pull origin $B + git push origin $B --no-verify +} + +pull () { + git fetch + B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p') + git pull origin $B +} + +forcepush () { + B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p') + git push origin $B --force +} + +remote_branches () { + git branch -a | grep 'remotes' | grep -v -E '.*(HEAD|${DEFAULT})' | cut -d'/' -f 3- +} + +local_branches () { + git branch -a | grep -v 'remotes' | grep -v -E '.*(HEAD|${DEFAULT})' | grep -v '^*' | cut -d' ' -f 3- +} + +prunel () { + git fetch + git remote prune origin + + for local in $(local_branches); do + in=false + for remote in $(remote_branches); do + if [[ ${local} = ${remote} ]]; then + in=true + fi + done; + if [[ $in = 'false' ]]; then + git branch -D ${local} + else + echo 'Skipping branch '${local} + fi + done; +} + +checkout () { + git fetch + git checkout $1 + pull +} + +from_master () { + git checkout $(getdefault) $@ +} + + +# nix +alias nixpkgs=nixpkg +nixpkg () { + if [ $# -eq 0 ]; then + echo "Error: No arguments provided. Please specify at least one package." + return 1 + fi + cmd="nix shell" + for pkg in "$@"; do + cmd="$cmd \"nixpkgs#$pkg\"" + done + eval $cmd +} + +# Marks some files as in "git" but they won't actually get pushed up to the git repo +# Usefull for `gintent .envrc flake.lock flake.nix` to add nix items required by flakes in a git repo that won't want flakes added +gintent() { + for file in "$@"; do + if [ -f "$file" ]; then + git add --intent-to-add "$file" + git update-index --assume-unchanged "$file" + echo "Intent added for $file" + else + echo "File not found: $file" + fi + done +} +alias gintentnix="gintent .envrc flake.lock flake.nix" + + +# Aider +aider () { + http_proxy="" all_proxy="" https_proxy="" AZURE_API_BASE=http://100.64.0.8 AZURE_API_VERSION=2024-02-15-preview AZURE_API_KEY=1 nix run "nixpkgs#aider-chat" -- aider --dark-mode --no-gitignore --no-check-update --no-auto-commits --model azure/gpt-4o-2024-05-13 $@ +} diff --git a/common/general/tty_caps_esc.nix b/common/general/tty_caps_esc.nix new file mode 100644 index 0000000..1803f40 --- /dev/null +++ b/common/general/tty_caps_esc.nix @@ -0,0 +1,16 @@ +{ + lib, + pkgs, + ... +}: +with lib; +{ + config = { + services.xserver.xkb.options = "caps:escape"; + console = { + earlySetup = true; + packages = with pkgs; [ terminus_font ]; + useXkbConfig = true; # use xkb.options in tty. (caps -> escape) + }; + }; +} diff --git a/common/home_manager/programs/alacritty.nix b/common/home_manager/programs/alacritty.nix deleted file mode 100644 index 457dbe7..0000000 --- a/common/home_manager/programs/alacritty.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ ... }: -{ - programs.alacritty = { - settings = { - window = { - decorations = "None"; - dynamic_title = false; - }; - colors = { - primary = { - foreground = "#e0e0e0"; - background = "#262626"; - }; - normal = { - # Catppuccin Coal - black = "#1f1f1f"; - red = "#f38ba8"; - green = "#a6e3a1"; - yellow = "#f9e2af"; - blue = "#89b4fa"; - magenta = "#cba6f7"; - cyan = "#89dceb"; - white = "#e0e0e0"; - }; - }; - font = { - normal = { family = "JetBrainsMonoNL Nerd Font"; style = "Regular"; }; - size = 12.0; - }; - }; - }; -} - diff --git a/common/home_manager/programs/atuin.nix b/common/home_manager/programs/atuin.nix deleted file mode 100644 index 165263c..0000000 --- a/common/home_manager/programs/atuin.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: -{ - programs.atuin = { - enableZshIntegration = true; - flags = [ "--disable-up-arrow" ]; - settings = { - workspaces = true; - exit-mode = "return-query"; - enter_accept = true; - sync_address = "http://100.64.0.2:8888"; - sync = { records = true; }; - }; - }; -} - diff --git a/common/home_manager/programs/tmux/tmux.nix b/common/home_manager/programs/tmux/tmux.nix deleted file mode 100644 index d00e1f6..0000000 --- a/common/home_manager/programs/tmux/tmux.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -{ - # home manager doesn't give us an option to add tmux extra config at the top so we do it ourselves here. - xdg.configFile = lib.mkIf config.programs.tmux.enable { - "tmux/tmux.conf".text = (lib.mkBefore (builtins.readFile ./tmux-reset.conf)); - }; - - programs.tmux = lib.mkIf config.programs.tmux.enable { - # Revisit this later, permission denied to make anything in `/run` as my user... - secureSocket = false; - - # default is B switch to space for easier dual hand use - shortcut = "Space"; - prefix = "C-Space"; - baseIndex = 1; - mouse = true; - keyMode = "vi"; - shell = "${pkgs.zsh}/bin/zsh"; - terminal = "screen-256color"; - aggressiveResize = true; - sensibleOnTop = false; - - plugins = with pkgs.tmuxPlugins; [ - { - plugin = catppuccin.overrideAttrs (_: { - src = pkgs.fetchgit { - url = "https://git.joshuabell.xyz/tmux-catppuccin-coal.git"; - rev = "d078123cd81c0dbb3f780e8575a9d38fe2023e1b"; - sha256 = "sha256-qPY/dovDyut5WoUkZ26F2w3fJVmw4gcC+6l2ugsA65Y="; - }; - }); - extraConfig = '' - set -g @catppuccin_flavour 'mocha' - set -g @catppuccin_window_left_separator "" - set -g @catppuccin_window_right_separator " " - set -g @catppuccin_window_middle_separator " █" - set -g @catppuccin_window_number_position "right" - set -g @catppuccin_window_default_fill "number" - set -g @catppuccin_window_default_text "#W" - set -g @catppuccin_window_current_fill "number" - set -g @catppuccin_window_current_text "#W#{?window_zoomed_flag,(),}" - set -g @catppuccin_status_modules_right "directory application date_time" - set -g @catppuccin_status_modules_left "session" - set -g @catppuccin_status_left_separator " " - set -g @catppuccin_status_right_separator " " - set -g @catppuccin_status_right_separator_inverse "no" - set -g @catppuccin_status_fill "icon" - set -g @catppuccin_status_connect_separator "no" - set -g @catppuccin_directory_text "#{b:pane_current_path}" - set -g @catppuccin_date_time_text "%H:%M" - ''; - } - { - plugin = resurrect; - extraConfig = '' - set -g @resurrect-strategy-nvim 'session' - set -g @resurrect-capture-pane-contents 'on' - # Hook to save tmux-resurrect state when a pane is closed - set-hook -g pane-died "run-shell 'tmux-resurrect save'" - ''; - } - { - plugin = continuum; - extraConfig = '' - set -g @continuum-restore 'on' - set -g @continuum-save-interval '5' # minutes - ''; - } - ]; - }; - - home.shellAliases = lib.mkIf config.programs.tmux.enable { - t = "tmux"; - tat = "tmux attach-session"; - }; -} diff --git a/common/programs/docker.nix b/common/programs/docker.nix index 104e4dd..c3aea93 100644 --- a/common/programs/docker.nix +++ b/common/programs/docker.nix @@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }: let @@ -12,7 +11,6 @@ let "docker" ]; cfg = lib.attrsets.getAttrFromPath cfg_path config; - users_cfg = config.${ccfg.custom_config_key}.users; in { diff --git a/common/programs/ssh.nix b/common/programs/ssh.nix index ca4bb46..6cbc169 100644 --- a/common/programs/ssh.nix +++ b/common/programs/ssh.nix @@ -12,6 +12,7 @@ let "ssh" ]; cfg = lib.attrsets.getAttrFromPath cfg_path config; + users_cfg = config.${ccfg.custom_config_key}.users; in { options = @@ -87,8 +88,6 @@ in fi ''; }; - }) config.mods.common.users; - + }) users_cfg.users; }; - } diff --git a/common/secrets/default.nix b/common/secrets/default.nix new file mode 100644 index 0000000..ead7c0e --- /dev/null +++ b/common/secrets/default.nix @@ -0,0 +1,91 @@ +{ + config, + ragenix, + pkgs, + ... +}: + +let + ccfg = import ../config.nix; + users_cfg = config.${ccfg.custom_config_key}.users; +in +# TODO auto import secret files here +# secretsFile = (settings.secretsDir + /secrets.nix); +{ + environment.systemPackages = [ + ragenix.packages.${pkgs.system}.default + pkgs.rage + ]; + + age = { + secrets = + # builtins.mapAttrs + # (name: _value: lib.nameValuePair (lib.removeSuffix ".age" name) { + # file = (settings.secretsDir + "/${name}"); + # owner = lib.mkDefault users_cfg.primary; + # }) + # (import secretsFile); + { + nix2github = { + file = ./secrets/nix2github.age; + owner = users_cfg.primary; + }; + nix2bitbucket = { + file = ./secrets/nix2bitbucket.age; + owner = users_cfg.primary; + }; + nix2gitjosh = { + file = ./secrets/nix2gitjosh.age; + owner = users_cfg.primary; + }; + nix2h001 = { + file = ./secrets/nix2h001.age; + owner = users_cfg.primary; + }; + nix2h002 = { + file = ./secrets/nix2h002.age; + owner = users_cfg.primary; + }; + nix2joe = { + file = ./secrets/nix2joe.age; + owner = users_cfg.primary; + }; + nix2gpdPocket3 = { + file = ./secrets/nix2gpdPocket3.age; + owner = users_cfg.primary; + }; + nix2t = { + file = ./secrets/nix2t.age; + owner = users_cfg.primary; + }; + nix2linode = { + file = ./secrets/nix2linode.age; + owner = users_cfg.primary; + }; + nix2oracle = { + file = ./secrets/nix2oracle.age; + owner = users_cfg.primary; + }; + nix2l002 = { + file = ./secrets/nix2l002.age; + owner = users_cfg.primary; + }; + nix2lio = { + file = ./secrets/nix2lio.age; + owner = users_cfg.primary; + }; + nix2oren = { + file = ./secrets/nix2oren.age; + owner = users_cfg.primary; + }; + github_read_token = { + file = ./secrets/github_read_token.age; + owner = users_cfg.primary; + }; + headscale_auth = { + file = ./secrets/headscale_auth.age; + owner = users_cfg.primary; + }; + }; + }; +} diff --git a/common/secrets/secrets/github_read_token.age b/common/secrets/secrets/github_read_token.age new file mode 100644 index 0000000..16ddfed --- /dev/null +++ b/common/secrets/secrets/github_read_token.age @@ -0,0 +1,35 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBvUXpV +T1BVTDlKcUxjNmwzVWpPM3VtcUVrRWZJVXk3Vm81UHJMSGpMNlJ3Cld5NlV2Z25M +cmZvZWNrRjJOU2dkVmVCRDQzMWowZnhyTHZrT1dhbDdnOU0KLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIDRicG5Pa2FXVERYdGVyVTZoYkcyWkJjbGRNSHJDeUJjRjVjUlI0 +RjdOMTAKdVN4SWI0L2dibVpxVy9hOGJTSEpxcEoxbSthTEZiQjB2WDUyT2VNdGI1 +WQotPiBzc2gtZWQyNTUxOSBTcENqQlEgdFFzK055WkFPYXIxbzZxT3YwZDdWd3hN +eU9XRXN1L2NKL2hTL0RVbnJTWQpveUcwanNRaHU2ZTVOQzBvcHY5NXhVZEU1a0Vr +K2hnOFU3RnJSWEZvWElnCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBqb1YzcnQrQlhS +eklJTlgrVmRuc0JCTDBZK2VKdGRUTW90djNVeCtya0FRCkc2VStHa1AxRTd0M3c2 +dHR4NXZJWXp3MVNqai96Z21pT09OT3dqZ09BSFkKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIGhneFBKSlNhN1V6NFpRaDlOd2hmWnNjWUkrTDEzSVRsTkxCT1FadDdCVE0K +dU40YlFjR0cyWjdBQXJDbGJYY0xsSmw0VGM3ZlZwVlpyT3hNeG1YL0IrcwotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgQ0FkQzl5T2J0UHBFaXpuc0xuaXdndmcrNDJKNGFV +NHFqcy9Uay9GdUNIdwp4WTBrUkN0SkFuKzZxRUt5aVJ4VTQxUmthQjFEL2NQcTVx +STg3SkdlK0hFCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBTcjRsUi9xb3g0TjRuUEQ1 +WVVrVEZsMlRHeklKdG1wVVgvR3pwS0JwWFJNCjF3RTF0WHB2cUxJc2FvM3g2ZG1H +Um0wRHBNaWdpaEhPZ3dIMnBsbURGd3MKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIG1a +T0loVjRjTGF3S0NzZm5LUC9UZG9pMmhQQ2kzV2E2SFdTM2hXMUtCZzgKMCtDeUk5 +Tk1RZjhMc2dBZ0IydmZSWm5kcFFIQXAyUHI5MHFCSzZKM0RkUQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgZlAvRWJUaDRQQW44QkM0Q1BjTWNuOVJ1MEU3K1VkeDZRanB4 +RlR6Sk9nbwpkOWlPS1J4SE81M0dwS0Q5RHZ6cURSOWFBcEFUQWo5a3ZFekJZWXA2 +eDlrCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBrbGNsWWRyL2dzMzJucHJia0JzTWl4 +TkhIWjF6N2tIcit3eUpMWjMvYW00CmxZNFo4NG9Tb2dDOE1yNTFsSVd3TFlCMTB1 +bEUzOUM2M0c4VlhRbG9JRzQKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIGlQUWlrbjZn +NGF2QUsybU9WckJNZ05xTnVMZ25aM3RBYmViMW1hVE5UekUKY1Q2VGF6WUVacW4v +SXY5NjAwaUFkLzhYSktzdmV4SHRjMGY3WVhMckthTQotPiBpQDZ7azFMKC1ncmVh +c2UgO3sgdwphUEphdmhoTVRTSGJubjBOdmlLQ2JITUoxTTdUMlBEMVJXQTAvaGlI +U1IvdUFsZ3hVQlZ4RTYzZGNGTE10KytwCnVybzhzeUxRVmNuQW9RCi0tLSBLU3hj +ck90ZnVRTlViOW9MSStaOXk1S3VQblFjZTUrU1cyVnMxYjBmeDRFCsP4KaZlgIzG +0xW6BPaEq//3Yi31/ZUZP1ebdyomMaR9SY6ejwG0xLKAGdE12M+g0+YaVJnvHr46 +R4f4rdxeexGMqs+8X2LE4jb4Z1MMKb4mRFlUWSg8g3ejFld59ZDP8MXCNf16Fvek +Sz1fbg5fycapU5WBfpKkNq3d3j7YCWd4oSe/pgfZQZv7lBeEmyLeFmdmUZ9yLPgs +Tw== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/headscale_auth.age b/common/secrets/secrets/headscale_auth.age new file mode 100644 index 0000000..c111451 --- /dev/null +++ b/common/secrets/secrets/headscale_auth.age @@ -0,0 +1,34 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USA4bmJO +dWh4c2xlK3NzU09YSXBkaE9YN1h6Tm4wUGJYRnV0bkJYczZCbUdnCkZVQUl0L21w +S0F3OVE1WnFuRjRkaHNOOHFXdjZURE8xVjh6RWxmY0htNkEKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIGRjRHZlUVBjbyt1OWtpUkJuZENXRzlVa1c2dTNLSktQZEFjdVFn +UmVkREkKL2VOMk9lajBMRG1wUnNqVW5RdWw4aFpITTFwQ2dta0VYRkhpSGJYWTd5 +RQotPiBzc2gtZWQyNTUxOSBTcENqQlEgU1dTd25VYmtQWllLSmsrT2VOY3pPckcx +VFd3ZGNnQXZqTGdDWmJFdE94cwp1YmhnVkJrY3R3ZVg1R2NleXFWVW4wY0R6NnVh +ZnB4WE1JVUx2eFIvRCtNCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBERDhRWjNJTEV5 +QzJLYU1FajBCMkhNQTRocHQ2L3J2OGJIanhPVm5tREJFCk5YNmRtYlZBT2tYVFhQ +enBRclNsbjFKUTZ0TTlGWU1lL3J6UllkVTVkZkEKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIEc5OGc0eGJyTkhuTlR0Tjl1b3gzak80amNSQ2daMkVyQmdtQm9BQ0QwRk0K +dktDeDVaU1EzVWxMNjdrZFZiTWpFbTRzRHdXV3VXSUtldDRCM3hoR1llUQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgTTF6R2M0bE1jaEhsUWpCNS9hMk9iTGpvSk5Cc0N1 +RVFlSGVCbzNZOGdBdwo2TjAvblNzTFA5bXduRGF2eXJkcUlTalBqTkw5L3pmcW9v +Rk94RkNndld3Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSAybWw1YVdmdXdLaXkwd0g2 +MHNSeDZRVHNoVW5sbzZxRnVJaDgzWlBVckVrCml6TldTSTNZMGk5V1E2cyttRGo4 +WXI3RUhFc2g2enNyb0xzaEY0aHE4YVkKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIEl1 +MXJoanFhZWxISzlycS9lZExpUjdJVnZKNlF0SDQ5NjBOVTJzUnhlVVkKS1Vla1U0 +MFNsSXVOSkhlTmdhdks0WW9kUkVDZ3RvbzNBNExjRmMrTVF6VQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgS3VqejY5QmczdzBWUGJ0eWVRaTZtRGZZOGJDWlhPV3NkRnlN +MlBRK3NYQQpaZlVHTjEwM0UvM2tJRytmNldVenlmV2hsY1pvcFI1Zm84cmlkTWdU +YzVnCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyA2T2pnbjl2eXhiQXdzSVVFa0dJZkMr +T1drclJaa3MvYlJta05vTW9Jb0JNCmV5cHdCYXJxYVlNZEhiVXpxbHJMM2VyNXhr +aDVERzJTMzMwcjdJZ0Nlc1UKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIEZIbkx1WnpW +Y0lFRHNsc05Sd0l1T1FNb1FjOTA4cHNjTVV4cjMyYUg1MXcKZXJWaEJNMzRuY3Nj +VWZXbEZuUlVsNTU0UjdJUktFN2Y4SnZjVW9nV3RETQotPiBhWC1ncmVhc2UgVjlc +SSAiIjVVZyBEcmhBTyA4X216CmtaUkxGRWJvSEhWUit1b2RxUHpLOENpN0RxeEVE +NnJqeDQxeUk1enlmSEk0cjVicGZianV1dHl0T1NYWGFjUHAKaEJ5ek5DUThzQWhl +ZjJLUUYydC9WbmNmTXZkS2V4YwotLS0gQytLV0dGMGJTVSt0dndhQnVHYXA0SnlR +eElSOGJJZ0xJczNvczRqMGhRdwrVisqYWHfJRTEfdkpjjJxfRdEXBU9cQpCAm4vg +Z/ys+RbW6dWBgz1PFAsf9F97z+LRBUE/A+aWViiFHXwFFV+PIRi5wtgR3xYRwjPU ++Qw11Ik= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2bitbucket.age b/common/secrets/secrets/nix2bitbucket.age new file mode 100644 index 0000000..5bc9b52 --- /dev/null +++ b/common/secrets/secrets/nix2bitbucket.age @@ -0,0 +1,41 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USB1VGtY +MEdOWlZaSC9LMU82aWU4RkVQUEtmNXNtRE5jakhJOXRYelNNN3d3CnBBb1FQZ1Bm +ZU9WWSszT1FUL0F1RDZ2anZRUU56d0lMeEhWN3Y3VjJjTWcKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIEI4dzI2U1FkM0I5a3FjbWc5MEs5aEFPVWhCODcwaFpNZ1RYZnZQ +bm15aVkKSUNYNjJjOHoreUJ0WUZEVjU0MTd3WXJ6VnNRM2ZlTE5UczdJQXRZN3p2 +OAotPiBzc2gtZWQyNTUxOSBTcENqQlEgNzFnd0JvbWxjSjJRYTR5REQweThRNjcy +NldVeWVsTHRkempzRHJnRWczZwpHTENSd01zejhkdWFIVlNvVTc0UWVwY3ROMFR0 +VktXSDRCOG54R0d6WE9vCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBWZmdhZmpSaEVR +d2tFbzhlOEVBdEIvM3pYWDczR1dRMWZrY2ZDVGx4bnlvCnk2Q0JGcUl6bnl5VlMy +RjBIODI3dXdtb2JtSjJkT2huaFAvM20vM3VJOVUKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIFdleE1tMHNKVWVvTzMzTzV1R1lUeDB6VW9LTE43SEVLelJENXUvZHp0VkEK +a1ZUTnQ5dEZHZGFuWnlJeHpKNHZ4SlFoaGgzakcvU24xNzZoRW5Xbk9DNAotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgUGhOV0dwNnl2SjdSb3RiZnNRYnFTa1lVN21XMEhV +RU95QUkxZWRhajNWNApFZFd6OUpXREE2cnlGNmpLMlMzbVZYWFYwVzBBUlduOVcw +OXpoZ3g0L2x3Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBDcmQ2bVhhTkQ5OUIxMTZZ +OUQzMG5senZoUWo0Yll2enpVcU1LVS9mRFhnClE4K3RLUVlQbk9lMkh4R1B6U2w4 +ajVFODBKUUhqdjlOdENubzNLNmg3RUEKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIEgw +dVViclNkMEhibHlQOE4waGdjdE9TaTByOE1jTkdlZ05Jc0FvWUUxaWcKVnd5WVY2 +RzBGZ3RMY2xUWlFsMVdVTnYrQXBlbHVmMXpOaVlCU3JkQm5FMAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgcWRmSndkbm5VUXZhanZ2ZTZpU1NIT1cxbE9LcjVJOEh4Ymhy +aU5TYjN5dwpWNXRJQnEzOXdEOTQvM0U1WDhtMmY0NlArYzcvNTIyS1FRa3dOSGQ4 +Nmc4Ci0+IHNzaC1lZDI1NTE5IDVhZHFNZyBsV09IOGc2QWEyUm9ZL2tMTkRvTVdj +NEhIeVptanRYNlV6WC9kTzh1aERnClN3cHFiTnlQOU15QUNkTWwwdGUwTDR1V29J +VnNUV29MblRMUVNYaG1oYW8KLT4gc3NoLWVkMjU1MTkgWmUxTXdRIE5OSmxxWnd0 +Q25LdnBIa00yQ0twTmRUVnJDdUxnWGJNS2xYYUQyeDByZ2sKTEhlbEpaVEVsaUlW +L3NSdXRwZkVHQVE3a1VZYU5pbi9TN1VSUGRGU0hFSQotPiAmLWdyZWFzZSA2dmVb +T2I7WiBpIFYvIEBSTgpkTFNQUmxZMUFlcDRBUm9EaDhXU0V6emRtN1ljelZLUnVj +SDVUM2ttU0l3UFh0VnJrdnlkVmRCKzJJV2ExalZOCjhDMWFkUEVjcmRSV0xRemdJ +Y2xFUTJMaWZhTkYwSlhuMURlSGorZnBDMndWRGZqZG1xS3NSeDAKLS0tIFJScFFC +OXRBK3NZbFRiZ2RmVTlhWTBaRWh0Q210VjdpZmlvY25VKzl5eWMK0R3SnMZjeShA +rJ3mEOEIdaz5zvTnRkVvRaMOeSVBERJjm2pP3onTdwWPtr3hYUXWOBiaGJm3UVgt +XV5rymdIWgDFPJQimxlsOQYWS2DAP08fa70OHNake1DGcnAShZbndv5XO+cM1WKS +Fjy+/chkTJQAg7Il2NwheMV1m4zST3J0M2b2lTrIPqo/y1zH08OJAEWYRZrGmpDh +4cqLt3B5aF7hmgFwS1EHg0gygjtg2GbL33XgjONPmL02TbLYMH+lCTTGfrH7NTQx +06ixXsd+dkMu0SmUX3mKit5/ghNFpCNBOL/ptMJ/T10ryvjeZWHmYe+HlJhC9ncY +rjjRwFXGGbU6RnzHoZ2I8C70/h3Tu0KXOHhxHG37EJ7PX7MnAWISAugNwGof/0kB +DbAEw8FRCerrNdcCcTKXIIKCn5xNe3lCDZMtz1axUnN/POQ3uoynGy5LOtG6mwZr +dIKFY0DLW6Vo2cdr4g/+fCcTXWAhE///kNaL6kUDJemf+L8hH7ZOmGW+udkvl6vq +2Hc09/FWczLSfEaM+idz5D53gx7ehd/98EPs95AQiraBiB0aaDw= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2github.age b/common/secrets/secrets/nix2github.age new file mode 100644 index 0000000..c04634b --- /dev/null +++ b/common/secrets/secrets/nix2github.age @@ -0,0 +1,42 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USA3Sjdp +bmxNOUlJbU14cWc1eU53dGQxQjhjbElZVEhKQVUwYVhXVy9QckJnCldnV2tiVnZx +UUdRQ1FsN1FuOVRHRDB2WUpvRUM2ZHRWbGtGeXJRdUZ4cDQKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIDBLc0ZZR3RvczVHUzY2bklhWnhqWnJVbkp2bFVLM2hQQXg5V3I3 +Z2Vpd0kKYlNMcnNweVlIYjk1U3lBelo1WmxWaFRRMVlRNkswcEZBQTVlTzVFaFVK +WQotPiBzc2gtZWQyNTUxOSBTcENqQlEgRDNzeGsrTU1FckJJeFFja1hTbFU3cVVt +Z29ydW1tOVAxVGlCUVluMW1FTQpzRGU3eDYvMGdUdi9ERDRTNWI0aHdkR0gxL21Y +R1J1cTliVTRZYXdIM0p3Ci0+IHNzaC1lZDI1NTE5IEJZS0crdyBmWTVGc2I0ZnJN +UDAxbHp5c0xJelhrTTMrdnQyR3FtUDZNVFhYY05PMDJJCjFHVU4yVWkrNm9KZ3pC +Tll6R3FiQUVCTndYRlBzeUNmMTlDU0NHRVYzZ3cKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIEltakJ0Qlo3cXdCb01lYUNXQ3VyTkJwd2cwT3BpNXhOR2Yvd0ltSThRQ0UK +enp5cW9nMDhRQmNFWjNjb1NTMTVhejliODZCSWcwcmlpb3lQYnRIbCthQQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgSXhwL01Ca2xpZkVkNVp2ODVidWlhU0FISy9tQ3dO +YWRMWkdlc1JjVVBtdwpsZGV3dmZteFVvR0tZeWhDM3kwb1dua3JzYWVNRGxpTmRW +RzdZdnZpMU1NCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBMTFAwQWIvdE5YTVJiSWJ1 +aVZBREdXeSthaFBJeUJhbFNrTXFlYzMrVEdZCnRjNjVZY1p4OGZqcHcwWDgvZHFq +eE51YVd5cVdUWTIzQUJXbXRDNDZHQW8KLT4gc3NoLWVkMjU1MTkgRjRiYjhnIGZ0 +Q2toWnJWd2FZVDFRUEVnOVlZbkxoQlFzUDNHZFFJZU9EZGM4OWhZVjAKL3ovMC9h +Yk5RdzlRM2QxWmJqNVVEZ3RrOGl0cXlvK2pjdjhKbksyQ0UyQQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgU3kxUWEyUUdPbmxaM1ZzUUlNOCtYQlo1dWhhS29hWEkvK2g5 +ZkVGeWN4cwpPSDFEeEE3TERGM084VzZjUFpiMEJZSkIyWkY0SzhsUGZoQWVTWEo1 +Mk9VCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBHNXlYbTQxNXJINTVkR2pBOFB0MWV1 +Q1UycEFqQ2RUcThObjg4QkFSZVZZCmNpNFc0Wmx0RzQrYXczZ3hTU2lOWGI5VUlj +Y2FPNFpKL2NiKzBEVjErSzgKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIElkUWhucnVz +MEJjd3dLUlhSalZVNWlXZHNoRzU1TWMyS1pWaU5Lbk5nQzAKc2orbmhhWW1yc0J3 +SDIweWI3WEVBeGJJMmEyQTVFcjk4eTl5Rm1aTllrbwotPiBfOmR9SFh+LWdyZWFz +ZSA3dV4ocWU0WCBbbFAgZDReCmpRTm5ianZlc1RKcTNwTHNlaXFFNmZ2K1VpRTRN +RGlUUUJhaGpTekJzY1ZZMFM4QmFpZFlBTDJmczhhWHRwZkUKU0RueU1sMlZENi9M +RnVjbzgzTDN5UHQ3Y0R3Q0YyS0FYcGtQLzhvZndPZjBibGM0K2pVRVpjSTNURmQ5 +dzh1VQpXZwotLS0gNDVMb2tqN0dSU053NXpYZSs1WVQvaHhKYXN4dExTZjZwcGxB +ZlYwaDBRQQoRn3fGi5O2d7yMfThg58mtf57eNTiUtUyD2Iq6ToRr2KQviWZChhWW +2S/eOIkFCk6q0Srdo2pP0yIChT6KbmfLkP2H0TxqmwrxJsKrqEBloZlN7hQmD34D +ZGatzk5TwPKIoZTdPis+tP/7RNtHhDlAQdpRnpfKT6NtW89asQK44XBh80G25DyC +kD5oSNi2sHXMDj8b3mpUkhqzYh1xlUAuR5KxPtSXSp+d2xQwnmi3Cs0xi5oyYQQA +VvWVyNkKRJSkSm1+KLej1urqGU+z6KHjv4obF9rtxv0NGUL6Ii4RDFWqxWLHC3JM +81v3lf65Fb3f9F9L7AfN42tPHogRZz31HlvXfUoRiddMrB4rasaTXjZaciZdf5IK +WQC6bmI0FYhtCh1o+75QHke3lpaBbi5xuxq+nv4roFeyd4Uqx4i/wDQ6cS7vb40J +CULCnkHTydNXJODhNlFisprS/b/tR05/Ds+Xr+J3OAdyjK/nKbe525IZKuY6N03q +tuAyRLxjZQQpOcGSzWxP/hIFFJAGxf/8t1BqYInQ4ikUtnmgHXp2Lumkxti7HSDz +oUl23nL69A== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2gitjosh.age b/common/secrets/secrets/nix2gitjosh.age new file mode 100644 index 0000000..1c685d1 --- /dev/null +++ b/common/secrets/secrets/nix2gitjosh.age @@ -0,0 +1,39 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USB6TGVm +TkdpelRGS2gvcEJxQ01XLzE5SHd0OTc3ajNMNWlwckR6YlViQmdVCkYwYmFIZE1s +bWtoUDlHSFl4enhOcVlCbjVYbHhUdE9DRXJOUldCcnA0R1kKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIEdUT0lBcjFVVUVrWXY1SGprTmJKR29hWDZ3Q2ZycmV4bCtQcXZO +RWlrUmcKYlNCZ1MwOHI2VXZjNWxWekk1MjYwc05wcGxEaWJBVzNPeG0rRDBGcmxi +VQotPiBzc2gtZWQyNTUxOSBTcENqQlEgZzZwR0E4d1JMM3RFUGFvQ2Ivd3hvV25J +TTQya3pHYkNGTHRkbDE3eVdnSQo2OXBMR1FiZktXOENrODBvUmlrQy9MLzdGU2xT +QUhEMEd2dlUzSnB1SFkwCi0+IHNzaC1lZDI1NTE5IEJZS0crdyA4OVF1S29teEd4 +UlFkWUVkblFnRlBYWWZWWUw5N3l3cHM5dTdnTGdLcXhZCm1jZnM1NGZkbkVnY0k4 +UEZyS09NSlExRzFFcDJlRDJNTVQwZUlPM0lsUTQKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIDBWOTNjZUhjcGIwTXg0S3MrL1J5OVJqQ3VPMmtVdDlsSXBuK3B6RmFURUUK +aVVqWk02R2pUNTE0WDBZV1FqNlpnbk5ja1JUcjNZcGQvU3Z4dm5ZTWtVQQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgSTlaTkxGNVpaVnpsblhSOVNtdGpqaUNhQ01zbFRG +QzI1ZDNkTTAxeXF6awo0VmMxeEJXNnA2MUJza2o2MUNISVV6b1hMdFB1M1p2alJ1 +T3J4Y3RXMDNVCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBxb2t2ZjlSditxa0lnRmJZ +c01wM000Unh2dVB3OFhwZzV0cklrU2VpZG40ClZuWTg3STlPVXZkZjlkVHZPWVEz +RjFvTVdFTFdaa2puRGh3WTZvTlRvMkkKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHFY +NmxrMnBIYThVTXFaK21hOVFjeGxLWEJRc0VwMGdFZktuemNQbDZ4eW8KWEFPNEpl +elg2UnY1OFJFcTBHUldOM3UzdktaaVB4dUNoc0hVQ0phcC9mMAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgRHFkb0lTcXZ4cGFlZzkrWFRIcmVVOStyUmpyZzBhb0xES2h6 +WTRXRHdRRQpWYThoZEhYMGxMTUJEd0hQODFMTUJZT3RGM0E1UFRua1NKd3JxRmU3 +T3hNCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBlenJkbWdVd0VkYWVUdWx2blhpYnNt +RlRDeTdUdGY2UFB6eVRkK1lLRHpvClRQTGxLYzlMZFo1aENxS2pEL2lEYU9NTS9I +RWh0cGlWTW11UVgwekRXb1EKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIDRXL2xUZ21F +a1FQUWJ0VjVLUkRHZU1SRkV2b0RrbXB1MmlSQjdtcXF6enMKZW5oTFBybGo4clNs +dnQrZWdpMDl0ZWdYU3Z4bDd2cTU0dGtseEFIcTVGUQotPiBpWEAtZ3JlYXNlCjFG +VlBBbVdmYlVRYzRtd2Ivb2NjODkxV25KY0lIU21XS1J4T2N5VQotLS0gNDNWMDh2 +bGlMR3I2KzhNN3pWTC9NQmw0NEJ1RXFrRzE3bUVHTCtIUlZVUQqotvqxr8ikzOqN +qGr5OKLvK21Pi6LR8mF/2ol/n7XKiJEzhNRXwqPN62TOMkd8ODKn0diHwbEvehcT +jW4F448glda6phmnke29f2Uq8Ls0mivd752Z0mV50pIEKHc0Y6ogUARiMKfBKmoy +Lebc2XY4Y/lFUVunGWaJoufQLMI4swKbwed7rujdq3sxinDSwzUAw4ltID8IMG4Q +ql4Q54e7Qu730NcXucmNuryWW0DKopWTobsnDVCfMN7ZXC4u+IsuL1xqdd+yC65u +6H+5x8EoTaH2EQDaGVa1B9BdTut9E+0VKZRW7OopwGFTuX94PmWrfaaWlfO3BeKx +JcCMUvWgSbv0PVqHC++mbxrC4/JNC/fr/KIFmG9TEVh1RCVqJTug/MNyY4qwrzEX +lLEbs6TDPMq77/wij1kbeNArynvzhDBVjPQD/V3xZi8XkaE/quOW9ajnb5P4W9Sy +yJnqL0WvKER69gOkkouRWlEzS4LWVWCLHwuskpBlJYbmpAmmfSnXRlE9MFzZOwYK +++yH9wViG0crNiic+NCCILFG2JjR1i0bNFgksNaswo374ActWw== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2gpdPocket3.age b/common/secrets/secrets/nix2gpdPocket3.age new file mode 100644 index 0000000..9c473a0 --- /dev/null +++ b/common/secrets/secrets/nix2gpdPocket3.age @@ -0,0 +1,40 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBPa21J +b0Y3OXlUYmduTCtDVVc2TWZCY0RVZUxObW9OR0xmaEZpUjF1aUM0ClpDNzJRaVVk +ZE0wU1BEYmM4MEw4czluSldHYnhZQldZVktieTdqMWM5NGMKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIFM0WkR2ZHplUW04UTRkenNqV3o2SUxzZWFic0p5WW16Sit1Rk9I +cU9RaVUKWjhTS3d5Zy9BRVExaCs3Yi8vYi9UVXhSSmtRTEJxK1h4dHlydDhLZjBU +VQotPiBzc2gtZWQyNTUxOSBTcENqQlEgc1F3QWFqQjdXaTJkQ2hKSi9Bc3pSQTli +amY5am4wdlFZVnJWNGp2VGZoWQpNV0FSMWJ3c0twYk9wSG1PUjRkR0FYS3JZZVpH +SGRoQ2RaWjJnUDJvVk5jCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBSR0FnNnF1bjR4 +bk05bWdYaFQrZkRFeGVIUzBCMFZKeW54ZHI0Mk9zYVRFClhEL3phVUFNUkc5amdX +UWZ5cUtUWHZ0eE9ZbnpobElMS2RoT3NESzhrdEkKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIFJ2SGJYbG5FNmgyeW8xY0J1ZTRrcEZEYnhLS3dUL1VhMVI1endFb2d2M2cK +cGF0Q2pKMklMTUJmdjhlVGlHc3pzTFdwdDZ1b0daQTI2bHhtNk1URWtNbwotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgMjZGczJrQ0pWdGIrbTcxMElpZ0FSczc5WGVrN09G +am5DUVhrVWZZRE5WdworaGozUWRCQmY5dWVOVnJ5YUI0OEJ1NENCbS9YeUI1YXF4 +eGxESVBEeW9JCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBVRU40YXpBdVZNYXBFVU4z +ZTUrZHVxWi9KUW0zOHJMbkRFRlFEbGdUUmdzCmcxSndnbG9QSFE3LzFFTUdzUTVD +c3RsOTdmRzByckFxZ0dHUmxJcUF4dzgKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIGNJ +YnJpNE13M0FNSmxFaDVoc2lEcGgrOGhydVBVeS9Jc1hnckhqWGE0aU0KOEYzdEpS +ZnRLLzVXZGYxeG8raUUyVDdQdEE1L3F4NGxJOFB5V2VNTlNTMAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgYTZybWdSVll2YTNPN3AwRzBVQTNqeHF3SjVFUG1OcFh4RXNK +UTNwOVF6cwpxZUcrL0gwbHlmODBvMUF6ZEQ2V3VjcTdvNzZadU9mWjA1M2IvVEdS +R1RNCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyB0VTFXaGwrNUdPNGdhZW83Z0dOdzNK +RTdlSDFXS2IrYVlzZ2dudnJUbVg4ClNkMHQ2SGIvckViemw2dWhoeEVxSlZhMEk2 +MURjTUNQdGcxYTFUeVN2OWcKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIEZZQ1dPamFv +cjd1cXVacWI1MFNDY2tiN0NrbU9Jb1ZraFg4d3VIc0RzaXMKVnhEWXNxUkNJbVli +Vk5NUjBoL1RXN3JpOElzWGRhdXpVemtCTUJWWE5aOAotPiAqUmI0SzxcdS1ncmVh +c2UgTj5AWUkwVGggQCBCCnNEU2lEaTc4M0hEa2hQb3dmOWdUKy9VV3dKWnVjWnVT +NW8rTGpGRzBpSXRUCi0tLSBPVzFxckF2NTJBQVkydUNwVVFETmgrcHZLcmhIVTM3 +a3lXTy9oWHAxOE9zCmz8lA4HcXxPG9PDsZrG/bRyYR9uXiGBQ3aPzYgovO7VALuN +Vj3er0hkDRQOD5r0IiwUsJenqUd/BNPgT69916BOW1e+sugjIXUIjWlkDPuRI78j +gueTRUnl4OQGEnOesN+qJZPUovyk2br3uKskCuZCAoYEvhgA3u/lMPb4nOj7oGT1 +pvwlJg6v5p7yJ3uBkBpXZEZJoHInF3PRwh8irZ0gJNSp1vJYIW805RGZ8tQ453/y +a6VKBTk9nT2nOtrM2Fgm4IEqMOJ0aLcGRzLKMCHuALt6akqtuXpIWrc9mvHHZT6Z +geoNhvFVOCREbksAQT9OqC2sWY77cwLl8GqFGtKOI7a+PSKbBxsZuqD8AgmIoNMq +JKA1OviYfCc2+MhJ6woavcJp9jYC+uIRQWNeMv/pCBfUMI5GsP5NxocV0rq22n5+ +QXi1GW20cujqVgQjtMqyAun5u9xc6xeKJIKwxjK2xVbQ1Ritqn+Pj2jnUCh5KXBc +ZCQwCInPO7z06wD5x0mEP+nQbFqe6BzyTtFD6u52gaGhELlBw6RvP7ptEG/GCAvd +3L4AtcHj4melBlCC5XgW4BbEyvxOhCfY +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2h001.age b/common/secrets/secrets/nix2h001.age new file mode 100644 index 0000000..40e56b8 --- /dev/null +++ b/common/secrets/secrets/nix2h001.age @@ -0,0 +1,39 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBoNVpS +UWlLTzNmZm9ZVTZXaTVmeEpXSW1ZdWl0d3E5UE11eFJtT1BKZnpnCk1jREVVdUNp +WkhNSyt4S3Q1MUNtMVVSZnUxbzN5b29LQk5lTWZoZTR2cmMKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIDA3NWl3dVVqbnB1TFRrVGJXb05Ec3QyOXYrdDVxblUrbE50TitT +ME1lSEkKRWVOSnJ2SWE1OVIrMWdKU2g0YTJjaE5XUTF4a0ovdktsSmZydldXT3NG +ZwotPiBzc2gtZWQyNTUxOSBTcENqQlEgdWVjQmxaQ2tieTdVeWgyUFNlak1HVVRQ +Zi9EYVpBekxURURvcitiK3hDRQp3YVIyaWFTS3Y4RnJxUDBua2YvVXUwZjk2dkpv +Q3pnU0NXNFg4K3FlNG04Ci0+IHNzaC1lZDI1NTE5IEJZS0crdyBtWjBxZXNEZjZF +aU5Cdkg1ekZ5b2E3REpCQkZOTk1TL25ibUJrbjZBQ1RvCjdGNEVhUGhRNDNxVnpD +blUvQ0hsYUhkYVE2T0VFb0JBZ1BNUGtNTmlCcXcKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIGJXMno3NDR0OXM5ZkZFOUozSFN3L1RZMU4zY1J0RVNYVHI4REtNbnRVVlkK +NjV0NkNkdU9Qb2k3Q0RiN0FtaVJ3dWUzdXJOeHVIUG5RUVc3aW5MUTFGSQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgYWlYMjkrZmxFckJ3dVBtdVFpd3lPT1ZPL1U1bGl6 +eW5pK2g5NmNVVHJUZwpEQzhKUWVtYUxYTVNPbEp6U1Z3Z01GTC9PMEZQdFREL1Rq +WGxrRlhicVdjCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBmemdzeFo1T1dzcERtNU1m +V01RMVE4Q3QzLzMzb01pOU82bEdUSGRTWkY4CmxsZUhFQzlUcXp2dHdIMW91SFFM +REtZUDRQdU5sVUQ1UVJYdDIwdUJPMkEKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIGFM +YlpuTHRLKzVFd1JiT0wyVmo5WWUwaW1kd0VEYWVGQ09rM1JrU1V6QlEKN2NqRk92 +aWZxNlU0TVRvd3E2akY1UytQY2s0bE5PaCtNdFR2SEhqYlF6cwotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgRVZNZUNHOVFIanplMGZuOUtqM3l1Ly9tcHI5MkRwYnVMeG11 +UUxhSmRWZwpsZHVkc2l2RVZCZGxJM1gxeFNVN1k2Rm1mbnRaY1lzcE9GSWVYdzN4 +OURVCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyArc0VlME93TExrQ3JvWlJudzZ6TGJq +UUZZeW5LUVdjQ1pCSlMzUnkySUJZCjJVSDRTVHY1UlhXdkh2NEhJajhQTGU0ZVlz +NDV3Yis4UzZGQlBJZkt5dkkKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIG16aVJoODBp +Snc4ckpaVmRSamd6OTZTQUh3dTZsMW53NzY2ZjMvMkx3aGMKUzFBSDkzRlBvN2Vl +dkM0RXIzNks5MFcvb1c3cjZBV3piVDFSd3dKZlFydwotPiBsaE1yX3AtZ3JlYXNl +CmxwTHFySDBzOVBRckgvNThGNk0zTktHbTY0b2llVXJYZ1EKLS0tIEpLN2wxclVK +MEcxdjUvUnFtem1XQW1UYmVzUGhRVkUyUWN2czM1RlQrSTAKZB2uCnpt9Xqz1w7+ +jwRVePaF2c2mWxgJUdpKpAZVgEUWkGSO6NEh3iTdLpsI9mDfh9KYRSPFqC9P1cf9 +5KId2A/oki3PNUtcuoaLn+xLPV06Zs3QsOds1ghO2AcCsVW4hC+Sgr02JelS5eCt +Q69nBpQSw3ePEaASSFMCU8Z4F+n0WpkAq5ERACZiHIwWDes4+PR3BRVDvjyUlFG0 +3mtSpotzlTtBJldJTado+oOS8eKBCMgoXmP9t8zFBLe+Aj48humYnNT6rPv2xj+C +Y+7FK8441uWdbu4PyNJEknF1k5YHYIg5pyrrDRGRtoomShZyqhufEAYpMIlCABpp +vPYj3iqqyV1T980Od94qlYJgpHEX6650gMSAtqpQdLmhnOwF2LW+g1Gpw7lfk4P2 +kzZCflwDGtXXXXPIyUiAB30zKCufjPXEl1x8oTXzbBKEE6lvHDgixtrNt6iMjVbN +n+Gon4PcolTdwkiEEst2POOV9Ll7KfOidMl1VfJxXKyt5jBA61xv54IQiCouUan8 +EhD4uiVHoPjWQ5E+h3YvedT7hrGWOzkxNbw8NUf9LDIk7EA= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2h002.age b/common/secrets/secrets/nix2h002.age new file mode 100644 index 0000000..f055178 --- /dev/null +++ b/common/secrets/secrets/nix2h002.age @@ -0,0 +1,39 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBsNVNo +Z2ZuYkQ5TDhZNEt5VDFDVUlETFc5TDRpcVoyZVJqZjcrK3VTRkY4ClBJd3cyaTd2 +c0dVZXBBSGpQZEhiamEwSGJCZTY5K3VKVU4zSnpmUi8yeEkKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIHd4MnFBWmJiZXdVd2FEQ2ZoS2FjSmVmaCt4Y1J1dFpuVndDTHlr +UVhpbW8KT2lyc3dxbTNacnprUDBmV3dPMGNoeXR4OWhCKzRLd050bjhOdmxmdlhT +WQotPiBzc2gtZWQyNTUxOSBTcENqQlEgS2dYbEdxMlZaQmhOSUtkcjg5YU02Yjkw +Y1RINWVUSVBZRE5MSEd2MWkwawpTZzhPTUlLU24vQkdkSDhsSUNta1h1T1FFUEww +R3RyaUVFZFpaN1I0ako0Ci0+IHNzaC1lZDI1NTE5IEJZS0crdyBsN1JhTDE3VFNt +T2xLMmFLUlJBSzVudU4zRXNUM0pWajQ3Ujg2eGhDV1V3CmMwRm9wRTRmeFUzUDNo +cERtZVhkMy9wYW81OUFMSnFDOWRWc3Z3QlBUWXcKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIHlLS1lieWoxRGlqYUVoRW9zY2Ftd2RyeWNmbktvd2s5SkFKOVF4UDJnbmcK +ZlRqZEUvN3JXRTM1ZUZoMkRlMUhyUWMzNjgyenROaUNzSU5SRFdGdFJXbwotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgTWJjbGRkOWMyTGN0RzYwdzd1eEtsc2xuT0tlNDdQ +NlJYVll6UVhBWkdXcwpVYnNZSDhQeDlhYUVOUk5xb3JlNEVJME0yY0FRcFY0V3A1 +ZDArVXp1bkVzCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBXaktIV1dQdDdsMkVxOU1z +YjRFWVVPR0E1VWVmVGxFOW90S2w5ZEMwanpJCkw4ejV5M3RSZ0lYYjI4ekp5VDFO +Qk1ObzNZRDZtL0NFRWJMN0dUMU5NeGsKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIFBK +UmhSM3JMRCt3QVVVOUFyVzJ2MHVVRno4NHE2OWM4WU9rTnJQbFB2MTAKVXJySC92 +WldVV1FoL24zeHhiUEpmNDYvZ1NraUZwQmRrMGVXb1ViaUcvTQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgVCtUb09INWxCVmNQYVVPaXRHS3gzallUS0xjd1hCVUE4TytV +RFJlLzFscwpvOEdTZEJiTVY1QmE0OTRRMEZlYjRrM21oRzAvbGdMZVVjOUtma1Vs +Vm93Ci0+IHNzaC1lZDI1NTE5IDVhZHFNZyBPZEsvbjF6NlZpTmlsVkFpbUd3VTFu +TEN4bGIzSGlZN0tSZ2hrQnhjYzBnCjNzOGhoQmtQRzQ0bXBSLytid3JaVi9pZnlP +NHpiOUR1b0ZCTVFPUGFTSzAKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIGlGa1dKMzhy +dHl4NW4xS1BBS3lqdUQxMmJOWnZkaGlkMk5Hd0Q3RjBsaTgKeWFYQzVCVVhGMXZ4 +eHlUSko3dUhVcG5UVGUrdm9lY2FpYjNickJ5WjNjZwotPiBJd35rdy1ncmVhc2Ug +X0hMXlxLQgpIZkFlCi0tLSBKU1BvTGN6a2JEL043czlmeHdFNWo0amZkelczRW9X +RVVGdmt4OFg3cTJVCoQXkEX485m5lMpu3aosZI0Smyp+CLo9V0kTfnYGfgcf5tXl +Foip7PquFErhYrKTumAY0p5VWqdhmTYu57yJW7UeuAMxyBgpVabcf28aFL3ricK0 +CgBSr3JqC2Am9C8Kt4aXm6/m6ylOHFKKyBFcDJlXrgn4c3WpJakAZc9056K+ndMi +5uGbKZxBYm7TCPvJtt1/78iiBOfrkPRcEaIwwhzSizPC/W0i/QdiWTbzPHoF0vr5 +NBfrIDuCX4ZNfV27nS1vDFfWEynF15vZkszmBSgVz91b0DLarTKKeTGVt/LNimQP +veUSBa2TAOmf+3OXGPicG/r1hewJtybs7pGMbxFItmjKObgZ/oH3Oa3ITrnVbjCo +IjCnaFBA/LdoFATLNx1zQh8eNVD1TROzFrgnoyGCEgXTg+FfOAIplFEScq9f3mYT +ZOWjkqNWWGIHfwOCFW+Isu21EIU+gZQ3kScVbuNSfSBD19cZCsTinR5TjWYgv59q +N669N7vjX/d+wbcZMllx3ZfBT8CQSf1JCC3a0pzFOEMQdLMmT0HOn9s4zp65kgao +x8J5Uh5avL1qPTMc +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2joe.age b/common/secrets/secrets/nix2joe.age new file mode 100644 index 0000000..359a84c --- /dev/null +++ b/common/secrets/secrets/nix2joe.age @@ -0,0 +1,40 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USB5em1S +Vkcyd0NFT2EyVlBuSmI5MmEzVmZ4TmNCdXhWMTFBREd6TDhySFJRCm4weWZjdlF0 +QXIwSURHWDZ2RWl2UEFSSlltdHRNTG02SERPUCtrUW45SzAKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIGpWckxUL0t1a3kvMGFSSVNCN281djlYdDNwTncrMHMwYmIvOTJK +Y28rMGsKTFMvdzNqNS9EL0w4eVpWQlRpS1Mwdk1HRnZVM0c1L2h0Zndybm5ra2hP +dwotPiBzc2gtZWQyNTUxOSBTcENqQlEgKzFna1FLSHZxbWI5OVlpM3ZSOHp6QlZX +L1dyNnBtUThUR0VjYTdpaHNqQQpVeEJ1RnZzTnU4Vk9sajQvNGd1azZKUUZ2dG16 +TXUrYnI1UTdkclRCdnVZCi0+IHNzaC1lZDI1NTE5IEJZS0crdyArbmdIS0ZaSHpr +RC92QzM3WjlYYTRYcTFOUGhPNDYvSDkvMm5RMXJISmdrCmUxb3hvVG4rek9SMHhI +dlp6VUkwMG1JamNGOTBueVNVU0hsWVZTd2owRkEKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIHBDWFN3dmlxL2R2dGp3SWhJYUovOFZoUGRlQ2w0VkplenlCVUpwaTk1VWMK +QlFlbnQ1aDJ0QzBMQU53anpNUTBxbUZDY1ljOTZ4TTcyRzFjQldkZTFmMAotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgbDNFcTdJR0ZJVkNJRkUyR29CK0t2V2w1Yy92UzRh +WHJUSHdqSlFnbFEzRQpLN2R3dldoNUFTQ3VndVphbDhUWWJtdmhkVkI4alFkdG1N +WUJWUm81SmZBCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBKTzgyckMzMklZM2RhZC81 +cnBMY0N3U05XUDNZSTdWYldRcEx1eWFNUXdrCnhlU2FyNDZ0Skt0VDBzWkJMUGNq +YUxxK1YwTDZTV3cvalRsamdHV2phY00KLT4gc3NoLWVkMjU1MTkgRjRiYjhnIFY3 +cDYxanZRWHFlTDZPT2Jod3pNLzRIWjFnMGdHaHVROGlwVlZWaGZpeDgKT0M0YWZ3 +NGhPdlcxQjdrTms3UUp0TStUazFHUWtGVDFUbnZZU3hpVW5yWQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgZlpaUFhnT0xXQzRuMHJmeStCTU8yQ05FRmo1RmJ2MDlnRGdE +ZS9BNmd3UQpiMkpTTmJIZUM1NHlQN2twdkZvUzlWSVhzU3l6WVNVcVcyRTBsMDlh +TmEwCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBIN01sZnFrUk12MnJ6NFMzelpJYnlC +UGlBbDluYlN1ektSZkxBTUlINGhJCjFnQWFyM0hVajBHblR6U0hJNjhuK3psM3dj +cXNPY2tIMTFLQmsyL3c0aEUKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIDFIc25oVkZX +Rms4a2V0NHF4L0ovbmlDb05hckJkZUNIbkdGVzF4LytkbjgKUGFMOE45VXBtUlZl +NlJCeml0ZGNlQktWWFlzRnp6Tkwra0RjWThIT0VUYwotPiBjLHIkLWdyZWFzZSBw +ClZwdHVUVlNLNVZteEtOVUhoUXo0bnNFOHIvTzJYNEwzRjJOZDYwUysvQmdpY0Fu +REhicEljN2RoK2VldG9BCi0tLSB5Q2h5dGdZQURpT2pzYkF2QVBnWStpNTl0Wm8w +OXEvSWxxUFBJNGhRK0VvCnEE9IZkJlvovun4LAyNFKRfn5f3vC6/+Q3QTrL5AOuS +6UsEYBDc0gaXl8fy/7B8tW2slsWuGnXE8qtXZS4l6jrg/UZiNGkXFyOjv8YhezDr +QvkBNtgTdjzObO7g0QYoH9cgANZguIZgRKrkmZnKMjqhm+etXFG1v8LYUABpbfRt +LECIKGLDLgoRnZFaQbgZuVjDZlbKa8bCH0Nz5R5RiJWVlc+Qv37Jau35Qo3dsQgW +pHlbp/JAIYJc208scmeLz2DqM+1WY01DlGbvcsVnpYn/AkjAN25ymHaZRqj/wAqW +Zf2GzfpF9B2PeqWpELw6Ag0hWWbsaIfm+NVGYmkMaJf3GnRcozwi4WwPmLle24+r +bsPBlmIFa/GLSZa3o/EMwZ+uJ7fxMPZGFcLr3s84fSd/7DKhLt6HeJWJfSE+5Tv9 +HWzEy7XU1wz6esaGAMn1KB7lt1o22qoyChEfjTpJUBwAmICnNb3n6l+SDFze7k/w +IytdbHOcwrbIJScuxXMT1KYuB50MFbZpxGFsjBUfqfoM0vBdxC20NO+T2sCH/NiS +Oe+f4VrEWDnWkSLTKJoR +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2l002.age b/common/secrets/secrets/nix2l002.age new file mode 100644 index 0000000..4efb4eb --- /dev/null +++ b/common/secrets/secrets/nix2l002.age @@ -0,0 +1,39 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBUQjk4 +R0k5aTVtbDdJbXNvV01Qelo5dEhHMGdCQ09PK2k1K0h1WSsrSlNRCjNuSlZYN3BJ +MHpxZHRyNkx6U214TTJmTk1vM2dCalp5Y1padFdaK0dUSEkKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIEI0amEvS01qRTE4VWNCOVlFQWpwZVVOQXpwclBnN0JKaUppdXA0 +c0RYUUUKOFpKNG9Ud0FHam83V2NCK1UvYmN5YUJDdjM1Q2luRnJ3SVd0elcydlVh +MAotPiBzc2gtZWQyNTUxOSBTcENqQlEgZ0VJMHBXcklrZ1RmTFZ4NU45V1IzRldH +clV2a0RPT0tkaVR5UlozbnNDcwo2b25DZy9iN055VHJsNUp5S0krS1ZzTzhKa3lt +aFR6elpHT0ZzYVNEYVlRCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBMQ3I3ZG43WkdC +ZjlTMENVY3UwOVh4VE5GNnE3NW9ILzJDRmRkVHV6a1VBCkJ0V0FwSXQ0QmM0SG5i +ejZ4SDlBWTlvbmZtSHJTcUdISDFQWUQxTVJicDgKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIDUyNTBTOGlKcUttYzNZL0RGL08zdmdwL0hKbTBwZ1FtU0xOcEt3am9LeXMK +L21ndXRvSGQ2R0VNNlFsaUhaTnZsV0xsRGRPQU5PTEZCSUlBYVpkRTR4VQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgNmIrMlAvS0dRc3p2VGFUV2NDcVBVZTg3N2diM3ow +djJ5cE5ZMUJ2UGRUMAp1N0ZhVEFsQ1piOUVYN2tRYW16WjBPNjIvNDl2bDdIZ0sx +OEFFQWZuWjR3Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBSV3EyNS9LaFpkdGNWeUVF +cUVqd0ZSclhLVy9vTjVpSURsVFJ0SDFiaWpnCllUdjAxMG5rOWRWSGwxMXJCbk9r +NUlZTzFYNHBXdDd6Skd1Ui9EVjY0K00KLT4gc3NoLWVkMjU1MTkgRjRiYjhnIExu +WkI5aHV5THZEbEZZWldZb0U5eDl4R2d3OVRGUFh4K1ZXMUpBZTlVRFkKNTFZN2d4 +MjlLUk50Y0FaaFRnZHFQVGtWN0V6Ym9kb3J1ZTFkMWhxS09kTQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgbEtUaGlPSFJNUTlCaTNTZjBVS0gxbjFKYjNFcHVxRldVZUda +ajh3OGJnWQo1dGlNRmlRZU9IL2F1a0xWemh0Y2hBZ1A1b1NORVV4STY4Q01Tbkpa +SE5ZCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBKOUtiOFljK3NRdE40MXNLQWtnK2h1 +d2xIMnJYc2hib1hDTnA5elhGWG0wCm1LaXptdUxaTHkrRWxBY2Vjc0tUQmIyWmF4 +cnFubC9NY3MxMmJLRm5Ra1kKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHU4OWNxajBL +dlRwSHNxUUREZ2tVcUpkUWpINmVTY3h5U0Rza2Z6UFpuM2cKMndKSklhOVhEeWt4 +WDRFeHVaSTh3VHcyU1hhKzJyV2lwMHVpWHBwM0ZpMAotPiB9ODdBMj5PLWdyZWFz +ZSBxLkkKUXBzVlFKawotLS0gSmczS1lET3BHODZIb1kzdVlxVmJyTnhnZ1B1dHU4 +VWJyNzdhWi9sbUJkZwoixf1N43xLWsnwn59HIDqvZaZJ4DZQLMwZV35Q8JQ5Rox5 +ZGyvsR8YCnuXeN4PuycqCYeDZrCPpauY58Ga4A2M+Ix+BalNNtDCV6HEFPsfeWtu +7tp/rvWMEGKJqulYysuC8uXaWgdc/FMcOhr37b5ErH004RKz/+Mr7Cm9h81KCwhb +MX4uGWYuhIEATgLaY30djh/eZasKpLN2Fk/zCsEm8wQc0BAF4b0VNMlJsRSEWY8h +kDDplK++qfp1J0fpCiPXCO2DmgKCrG2D9g5/ahh0W4mQFM0MRDOkmL2VLnHUS4Z1 +CfE5j5/7Xk+eCP44WqOFS/cBOduty89oYbjfwio9Ep2kfBpM1jGSOHyNMMv/oUOr +LjwLCUVcMX/N1lsQD8Q4Az98QpNmStDfIbcjYLO/c6eAkRNmYDiS2/Zv6gd5NS+S +jkULCWsHDhUssh24Z5yvwLW9lsgkdTF8Oi7crGaJsy8UJBY+3Dx6qV7UeXXLa/sT +DEi0CvB3iZiqmyctLDMUI0F3BibasRnCYYsNM36vU5NviMj9wh3DXiAVaN9/QerP +vLVf8sjTlRFO85bZyw== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2linode.age b/common/secrets/secrets/nix2linode.age new file mode 100644 index 0000000..ac062d9 --- /dev/null +++ b/common/secrets/secrets/nix2linode.age @@ -0,0 +1,40 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBQQ1VG +cnB0WEtRSTB6eDNZYXcwNmZwL1lTVUlaT2lvaCtHQzJKM3VRUWdBCm9WV3ErWm1L +MlJOMG9abnZjUkRrbi91d2o1emp1YTRYVkhZSDVIbWdzZXcKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIGRmT0ltdFJYaHhGeE1oNlRsNEFrUlVhUDZUSzM0YUNvRktGM0pM +cmxqaFkKOWZXeGJDQTUrZXlmRE81MURDL2o2SkpjZ1NiRWRFVUNlTFlsZzJTUjJq +cwotPiBzc2gtZWQyNTUxOSBTcENqQlEgaTFWdG1LOGVGUVlrN1RnaU11aENxWXlh +enl1YnB4MjBMSHkwQit1ZkQycwpNQWNFNkxQUmdWVUxQOUFSU3VORVpTdEFnNitu +YStFWG9ZaDNwb0NNYWdnCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBMM1dEYnBmL1Bl +RUhURW44WDdDVWVNSDF6aEVxRnlqbW1qQmsxQ0g5b1FNCmhWcjZIQ1l5QndIRE5D +dE44aDBzTHVGWTdEbDMrbUo3bDMzUlhrdkM5SjgKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIFF2Q2VJT1orUzhHZFRLb1NRNlRaMlVyK29NVGQ5NjZZU015K1R6cHVwVVUK +WkM2WVJtWUk3OHNZb1pXeU9KZG9GQkJvcXFCd3BCL3VOcUIrWS9iQkJXQQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgRkFtblVwZGtndlJUYkNjYmIzdEh5am1IYXFUNFBj +OExLUi9NckVxS2JoZwpHMTJ3cUU5VCtrUDBlakNxanJaWU5zSHB4bW9EKzhjUlZu +R0U4c3hOdHBBCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSByTGkyZmY4aTYzQTBxV056 +OWNzdHNrMUhqSGNvTU9VajE1eWwxNmo3a24wCkNGc2w5cEhEcVBoZllOM2ZjSS9w +WEJBcTRSQVUvVTh1L3RJRUpKUVNNRDAKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIFYz +WGh5NGEvZ0EvSkVFamVpeU1wRWVjaE5QcGl5d3FpaTgwZFo1WFhla2MKeWNlNDdP +anF2K21peEVBakcraDkxV1htU0VXdVlKUHQ5Q0h5eDBqSlltVQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgUXlmSXliZFBzamlST3lkTFFscktYbi9QTm5pelVrY0Z1c2J4 +WTNDc1BsVQpxeHZwdXI0UFNMSER0WmZ1Z1lrSDBibGd2cEJGQjQ3VnZmRWZFMkw5 +RklvCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyA2bjNlY0dvT2JjMFp6cTlXT2M5WjUz +eURzaHNKN1h6SC92Q0xsOWdOSXhNCjJ2dDdGNWp2ZmwyemplRFk2SUxVMVdFblFn +eHNkREVhZ0k5aFZKTnY5TEUKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHEwVGYwTExB +V01YT3dUZlNWV3Zwem0ydXFtQjlnVWl4NW9FRVJEUDNEaGsKWW5Cb21mZ0FFZ1h6 +YUJucVc2amJYeFdHWnM2Y1FqMjdkZTQ3SkIzVEFlTQotPiBJKHtyey1ncmVhc2Ug +OF0tP1UlXyggKCcnXU5FIHwwNlZtMyBsVSckS1xSCkVUNmlxLzVvZG1QVXhacjdF +c0l6YzJFTlQ2VVZEeGFoRzlVCi0tLSA2UTFTQlh2bG9WS1l3T0J1ZjdhSzcxOUd6 +VXA5Snloc1F5bTMvSi82QWVBCrpftJGo7RMOlfmxiUgnwuKVjo97b6fbgNgJaBBb +6nXQfGOxsfWDv38CXuIA0QVuarawk6MZUdeflEoH8SlTihZ/YGm3m66ddUGSQANB +QLl2q3iFpmrAgyYMYh+3htHhxeQ1XqUGGYgQUFqaD+mevmGSRozH+3lJMi9x377/ +qI+hSy3WZTg4A3czLk5xu3cwr3jTyINBz+yWKudtGmSmPZEoWYOtv9+jWmEsZ4rh +9dkhqdas89zYBnAaJ6T8aS9O5QnVPqpx/5AzK1YCY/aRM6TJMAq39fttbmAg8P4I +ueiHAEdmeNpdHpPy3fbw4uPjlr0u0olBawE+XzpziwA+R1+p8pb7BTrbvNL7tT+U +kUojuHBVsS0f1/FD+LnHXIUU9BEq1Ld3+BOewyhdte0C+FzQcwBID3qMrapOwcRC +SK8xwNFwmxUuwFuA2uKEmnVyDGFIkOUymSrMlfzc6GzSHWMIhXnhi7mMknYCgSNQ +WzfLPoZevuxRZ4jXi9/O6/35eYjK5tapCuELRnzTHf27xaYSWThv4fBEg1JntNOd +rz/5PBvnlsccjJU73UrB7A1r +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2lio.age b/common/secrets/secrets/nix2lio.age new file mode 100644 index 0000000..219d288 --- /dev/null +++ b/common/secrets/secrets/nix2lio.age @@ -0,0 +1,41 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USA5REFK +SXBXcVIyVjZlKzA4UUVQbHhJNjcwc1JXQ2RPTUhPVERWWUZCdzJRCi9CWndhK0RD +dHZHYzgrR1hIZzU5R2s0Q1N1Q29pSXU0QWNqazE3RHZEcFUKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIGYyVGZwMWhNVTJHVTduNURBM29WL3ZHVkJJTVZzTFRJNUVTdm1R +SEJVUjAKR1RVR2FvY2NSVVBaaUR5eU5Pbm9BRXR4QzFJeENxWmFxS0FjVFN1UGxL +UQotPiBzc2gtZWQyNTUxOSBTcENqQlEgTE9IaWduejVsM01rTnUyVEJucm1wS2ty +VjZmcE4yenY0YnVvdDI3TXB6YwpyRnN2U3FoS0lwYmtzNTVXSFBYZm4rOG9sNWJX +d01jcVdmbVFLK0tiUW5nCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBCSHQxV3o2MkVh +SGlnMTNOWXNYMkc5YVVtV2hEbFdrdjIzRmFkOEJOd3dzCjhaRjMwV09IYjQyRnVa +MUs4TS9zdnBVQis3OTEwZVpWOVFvWVNNSnZwVWMKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIDFVby9DNGRqbE12ZVc1OUpxUEVLRkRDcmkwK2ZjTExQZTUyemNacjFyQVEK +V0M5ZXVHd2JibCtFdm01YnRRU3Jwa1VDQTZxRG9oZE40bFJKMzJ3ZXJmcwotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgcTMzTmp4QXVGaDZ1akVIWktmZkJBZnpPTitwL3dq +NnI1MXU3ZDd0Ym5ubwoyTllzNDNFWlVYK1pNSzFISHlBYmwyNHRBVHpxUy9LUjZw +L0RNemwyTEhNCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBhblRMZUhTTi9nTWJGZHRk +MUhCN3lsUW1QSWZKTWxzVUk1ZmdqMmN2SW1JCk9pd1F0elpucE54bWExZmVUbHFB +aXVEMFB3dnB2bEtoWDJ4bFkrdDFYZTgKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIG5S +UFZyc3ZyRW1LMnFBQStUa2VkV3U1aWVSbEt4UVYwTXdmaGZMeEFvajQKeHM5b2Ru +bDZNb2N1MHk3Q0Yxc1BodnJZaU03alFXeDVCYnJzdXRRajc2ZwotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgd2hVa3VkbzBDbjlLcWJsSGxtSmhHMWJNUUNkSnlwSVlLcFhM +b1cvM0RWYwpBRjc2UmplVDBzek5CVkZKUzEzQXMzc2F5cytaRzc2SVhpdnNhQWFX +bmh3Ci0+IHNzaC1lZDI1NTE5IDVhZHFNZyBBN0pnSm55czgralJJK0I5SHJKeTh0 +dWZoYXEzVzJ0TDY4Zno4MDQyMlJrClE3b2NTWW4yUEFMaFhEOE9DVG1IZTR4dFBo +UGxTZEYxcTlUK0Y3UGJraG8KLT4gc3NoLWVkMjU1MTkgWmUxTXdRIDV6YTJjUW1Q +aTZvTjYyQ2lKUWlNNC9UT3I2T0RpTUllcG5Od1BUNG51RncKZVYzbEd6VjZKVEla +d0lPTk5iTzNPTURrNGVjdzJYaEhoa0lEM3piaktwTQotPiB4SDZfTT0tZ3JlYXNl +IF5za3tQaSB3XylqLC5lRyA+XW5AMF1qOyBsdDhiCkZpNFJPaXJJSG14QTZDS3pz +ZzRBSFV3V1BnS3d0N2JLK1Bia09JUDRWZVNxamdMdU0zbmdEekQ4MURnL292dkUK +c2cKLS0tIG5QTm9IR3FyUGVGWVM5bjNPYk5vdnVpaGswSWlCWUxab0FaZ25WZHNG +YW8Krvkb3AjClvfTUHThubvKKHjLuIBiQc8NlW6PClnGoh1J7pTnIObysgYRGemR +gt6ilnB8NGS/iUgMvGNlJbqt49JIejCajmLyFLzlOsn6TPe2GvhWNtf3DA0JtcW6 +7GHBrHE9c9fvfqCGoW6ywFxXeOhcCYsBsXMuUu8dB3nME70TaA8lAUSI0Gvx2u8U +qcH6Oqh0lG4/98s1dCe2TCqjqa/0xQ07PE/7rbC2+YpuX58UYDDwRFDzPtiUihNI +hhp1Gco3DVrJwpNmXBe2TuE70oKRzlvmwbiuK1lQ4B7OWyFds97RP4h9OGq3Tn3E +qENrcRTd4MdHcj3/TqriLuHZwJCNxmG614JhlSrzjZtlUuyCa4Q+UfB/9FBq+lkZ +jNttM+gJzt7HY/5VSl2EY6GtbpbIpJU3W5D+fMneB0no2jOc00YVLMjsY9uDF6nY +xeVBOMJpYHZrlou54xeKmaXbjrdEwYGqt6syz2MW8YV0VtJc1piVsoeHtO5ajDMt +7WeyklfOSx5ZDUCKLlXP3u3en3fXsAtKNa/JT/hBWf6JvCdYlI6SZLsGGSz/wD6g +w8c= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2oracle.age b/common/secrets/secrets/nix2oracle.age new file mode 100644 index 0000000..41f4cc4 --- /dev/null +++ b/common/secrets/secrets/nix2oracle.age @@ -0,0 +1,40 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBuQnNX +UUtpejU2Ym5ZZGg5dUt1b1VNZGZMZzJiSHBKRVk2OEN3V3dWdVg0Ck00UHlIcW4w +cGp5YjJDNERFUnlPQURucUt1NWNydjhwL09DNG5NdmsrNjgKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIG5sdjZzckpIaW1LUHRJelNjYlNET2RhcEsrZXhGR3hLZGdvVi80 +YU9qbEUKSExvTTZKZXlDRWVDcXVqVFhlT0NkZzhmT25iNkJVU1N3SXZib0FlODBJ +OAotPiBzc2gtZWQyNTUxOSBTcENqQlEgNGIzWE1LcDNrN1RlTTQrQ1oyME90c2Fr +NEFjblpHcStlM1RkbTZHd0tsawpxcFQvR0dRcDV3Q1pmV2JFSk1sV0x6Qlh5cXZL +eFpWdVovU2RGTnRWcUZRCi0+IHNzaC1lZDI1NTE5IEJZS0crdyAyZGl4WnMvRG5V +Q0YzRDd6dXdtNTlTbVlFRTFWRkRzdnI2NmkrUm10MmlZCkk1Snk5eERvcXo2WDRE +c0l6L292aFVERHUwNDBPL3cxbXBydEZsQ2lhcU0KLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIGdVQUhDZ0FVTG5COW95K3VPNnVNY3JZbGVnNDhWTzRubkFlTUMyeTlaZ2cK +M2Z1MFZna29sMGF6MG45RVVZVnhVOWY1alpxQW52d1E4bmNLSUtnVjNvdwotPiBz +c2gtZWQyNTUxOSBSNSt4Zncgbnk1ZzRDbzZBczliWFVGVWU3K2RrQk4zZEFNOWxS +SXUzTjJnd3U1MjFqOAo3L0JCSDh3MmlPSzVZTnBwYUxSYXNtKzIzY3hMTmIyS1cr +WGthcm02WS80Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSAwUTlzVEVsT2JaWnU0bnhi +V1ZBV3NKU3RVTEcxR2N1NHFtTDlXMWxKZERvCjN2VE9CSzZVRzVDN3I5WFFKVm9v +aXF5cVh2aXJ0L2IvcFFqcndjc0F2dDQKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIDhr +MXFrLzlWZWNvdFZZWndNYzhzeHFzMXAxdGx1d1ZnVjFiUmZlY2xSMzAKOVJEM0hO +Tm1KZHQwbVNLcmkxQndjQ2M1dS9YWlRZUG9wdGplV05PQkhkQQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgdVlMN052Mk9YT29BUTBKc1JSZ2JQK2FCalR0RTVWU0tzMlFa +MU9GZXdocwpUVHR3a2RHSHZwSXE3WVZ4dEdQTTNNblZBVDNaMFcrWEJVa0ZrY1VS +eUhNCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBEUHlnaUkxbnJRYWQ0UDVmbUhzcXBa +VE1FeE5YbWZFR0p3anUxN0krNnlnCnFCNXZBSnhzZ3FPS0V4OGs3YlF6RVU1M2Rk +bGNiSGl4VEV2UlZHMkI5QkkKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIE5raFFWOVhO +Q1RQVjBqNEIxMGFtczE2STRJN1JqNW1MaTNNOWs4bktGWEEKMkRyVC9XSVdFVGVF +NE1jWmxWSzdPdmZWV2haY3ZjN1FIaXZzVS9yQXkydwotPiB9SlBFNS1ncmVhc2UK +RE1xM1MrQzZXVUFQbTNhSlpwaG9WZ1NVcHRnNEl2RlNUUmtTaXdhbDA5M1JyUVU2 +cDl2MTJVbkgKLS0tIG5ZV0dhcVYzL0hBTWpqUWtNbS9nUDhJSGplU29CcGU2UGtI +Ni9ScHNHbEEK+33ZrBrxJELcVu6ZdYmZOQyJr4/CwlQwPAzbMqjhyTGqxbOlAyvf +hZVVfv+HIVZdj911jjKY/EMOv1z3uAzFFMEdMQCBhjuC5dk/MEtQipJexgdupRfN +y6DK9ns1TyMXWCvm+EsSsOSYfV69l3uee9lsXDGG05EmJJ+nLNkeODD3kr2uwQbl +b4CI/Eul1Z1Bzi9Fc10yp5daJt+8yEWhQp4sPKlSdYOjFV3+EIK9ZUOE+r9gG904 +FIqeNLv0Sed01TEeDcFhSzLCrbMsMzesBh/uxSOpAjqJsoJGTqF/Qjlq1YMQCBrV +JSC3tP+XOUokK/yEBeFuE2EmnF+dh3HcSWXOGoh/kViqoWYdpt/V4Mdtzu4wppgv +V3ri2C4CUfP4zwUm90wVU7fW6NmfGdRg97w7IIrRdTNknN1O5g5L+zoXiA9RF7ac +qZkrv6caEgiGtrLIVVkcHujWApvcYHYhxRi0KRLFwjUYNrOaMY9k/DgP6eY6pFLt +jPcxGEalMxgIwORJ7rG7+u7Fjbaw9Aa8klsEVnjVWJBDwa0Lbaiaz7ggPzQq5lKB +/zg8ixczAUY= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2oren.age b/common/secrets/secrets/nix2oren.age new file mode 100644 index 0000000..5f3e63e --- /dev/null +++ b/common/secrets/secrets/nix2oren.age @@ -0,0 +1,38 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USA4ejJq +VHBFbVAxNWhPZnlNY1BZNkJqUXdhdGdHamFYVkVLNlpPQnFOakZZClNObTc2YU5Z +KzJpMDF3TTVrWmJWdkVsMkJpVkRlOVJleVRoTXoraUY3dTAKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIFBwT2tDdFVjMWxhYlB6QmQvdGRjTDhZSzlUNUFvbG0wYytLcitS +Vk9ha2MKVVRFQ1hMS0Yzd3oxbEZFWHY3ODJSRGhpbS9iVVZsWStZYzZmQmF1Ym5T +bwotPiBzc2gtZWQyNTUxOSBTcENqQlEgd0g2SmlwQ0RCSnpnaWNOTmx0SmRESUpz +Q1ZPTis5NHVicFAwRVZlR3F5WQo1eC9xQTNEelJKbUtFMWxSOThQUnpteVY0QmNl +TzhKVi9NZ1N0eVFQVVFvCi0+IHNzaC1lZDI1NTE5IEJZS0crdyAzYUVNakZzeldL +MzhoQzY0T09CWnBNYjZQYXVDTFFPS1hqRG9QcFJPQm00ClFJdGtnUkwzbHhQQnJD +U1pvZUJ6Mjl4cDNyNm9uczdSZG5CKy8vb3czc2MKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIHZlT0k3YXhXT012SVBMUEtRYXpaMmh3c3kxbUluNkNGeDBRRkdRcmRnQzgK +UEhWNGZPSlhXcHB1MnArcUp0Z3Y0amtKV284YU1aZWNUZE1zaDBkVm9wSQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgN0YvQlFNUFBheUJURzhoQkg5bEZCUGM3VUVFSDk0 +bDUyMW1RdjRzQklnTQpXTktUOTdvWE5FWEwzNFBKSjZWbTZIcUpIL2dYQkJOVEUr +YlFudE5PYmlnCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSB5WGtlUURGZ2thMkdOMmdX +d2drUklkeW1xVlk1eDVSNGc5ZkJEZjVwWEhBCmRiazcrVzRGbktGNnl5c1ZudC90 +b0swK0cwdUQ4S2V0RGV4enFZWFh3WVUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIGFB +THloYVM5eE9zSnQ4ejd5T0pSK1UzTmY5T0F5ejFUcWUySHdsaG1BMk0KUGd1Smov +ZlFkdDhQT1FCNkNaQzU5RmpYSHlFMzNzRGJMeHNRVzZscCs5NAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgSVh5aVFlOFZHb0YxclRUZjJjWnAvMEdGU25zTkNYcUc3djRh +VFdBZ1RCdwpDTFFYbUtlQ3ZrdXR1d1Q4L0p5ckhvNGlwYzgrRndraHdFMXRlRkIy +OXdNCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBpNVNOTC9Id3JTMUEyNDM2OEcxcGNu +NVlJTWQzSVl0U2o5YUl0TjZYa2xNCjd1WDFPbXNuQmo1anM3eFRpU3NJc0NMeFJX +L2Rsc2xTbXBqSXdaTk50cUUKLT4gc3NoLWVkMjU1MTkgWmUxTXdRICtJbURKL2da +eEsycSt6TzBvWUIrS1R2L2VKbUJvZVA1ZmtjQXplaWIvd1kKWm5vbzVkQ0dMOW5r +T1QvOFpoSW5MY21EN3gzRzJDRjRTYVJhVkJjeGt2dwotPiAjTkx0LWdyZWFzZQpq +d0kKLS0tIFpoamdUTXpvNkQ3N3ZkUlMwQUY3am03UUVLNVNXRmZsUUhlOTZ2MExD +bWcKi208SBEsgIk4hDTvAT/5xB2pd/vfQVwS/tRT4lOAMwZV5wNb7412LVDek5Ym +jdwoGkItzbmBYyXgWQn55dTApcDqGTJYK4qy4BT6w9yMsKcm0weF4suO/W8o+38D +Q0A/N+m9NbTEjTUM2uppr2T0dkpSqyK3ordVvbjOq/B7eBQNCRVm1ShcbyLekfiU +iwfh98Vlw8uQiCbCPA14IjBN25SvT1kvchkAgGtzozGrNRLVW8kYKv9KgRlVEU1r +kkS0Rhm9uRe6Kppo4K5+bHCKo8g8q7dcbya9a6Edlx36zdJwGWZ0EXkQtijCBcz1 +Ipgfktovy/yfhiBv9eYPjxJe+njyZUpUJNpydScnHJejGg0OJMkA0tRULNbxs1Uy +x5bCPl7SvZZlgsIktMwhekxJ9kIUsYgwtHbSEP9xIFFyRxSeaJSVFBx4jKFeFJlf +4pzuFOHp4RVyylYuhkKvWtuJ/PXYXm5wUptDc72vGeA7NDo5p/6u7KO6CfhVTpQ9 +cRKIdLxFFhqfV6m+BxoJY/TCyA/MONXxabETpQ3skPu9sCZXR4rpEKY= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2t.age b/common/secrets/secrets/nix2t.age new file mode 100644 index 0000000..17a74b2 --- /dev/null +++ b/common/secrets/secrets/nix2t.age @@ -0,0 +1,41 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBWaXVx +enVoekp2ZG9nd0ZQZ2UySnViS1hPRmpINFRYbndxajVRRFBEU25zCnJOU3JXa2o0 +anNkVStiY1lEYVppSHNFdjRPLzNobTVCZlVzTjY0V0dWQzAKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIEF1KzhtYlh1Y3k1bFZYQSt3OE1PYzAzQ1lITEQ3Y0Vlc1ZIMnZ1 +NHZiREUKSW9tZ1FxdXAzMHkrbHgva3ZROTFjTzFvb2JVeUllZ2IrUkJKWUo5dmpl +ZwotPiBzc2gtZWQyNTUxOSBTcENqQlEgeDdrRDUyTTBySUhMZ0pzdnBHbmJQWXh1 +SkdrTjBRTG5PaVh6L0cxZ1drdwpVZUtDN29wQ0tWNjFMOWlSSE9KUVNQRzF6ckto +SS9EbzJ0ODFsNTJlcW5FCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBPMk03MGQ3UWdy +M0VaTnE2Q0pVdFM2TytsS1g0WGhkckVzdEE3L2xjWXlRCmJCVncwZjFUUGJzaHR5 +QmtPU0F5K0duQkRhRkMzb2FBdGErRWQvb1poS3MKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIHNqa1dkYTdKbjBHTG1OYTlONlNTcXpCSGxQdWllZE9pOXVDWjJFSkY2VjAK +VjRnZ1JyOFI3cnEydG9uM1hhbVVKeXFkWU5DQ1lPdWU1ZHVMTUpCNXRpbwotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgWFBuWFBjSGFhdEVGSlFsalh4aXRqZDROdWpZK0Yr +bCtwdWpxRm1SS0NGMAo1bVc1Nkc3T1AvNFV6MlQvK3dLZzdSRkZyVTM1b2VnQlkz +elRwc0JqOVJvCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSAzSDBXb29lT2dRR1F2d25L +VjhQVjY4L2ZqT2N2ZVF1UVBSQTlqUVJlU2p3CklqUnVyM2V2U1IwWURVUDZGbGZY +aXZWYitMTmtlRUprZnBreWI0UTZjY1kKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHpC +TVZzZHV0UFJlODc0RHY4OHJJNTd4VEdnK29vUkRwMWV1Qktza0k5aG8KbXJtTnVX +MEN3MjN0d1pSOTlpazN2Y2R3R2JrVi91eTFIdFRwNGFTZmJOcwotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgdkpiUlFWcVJKNlBYanMzVUZ0K2pKc2hiSGwwTi9lSkJPUW1r +M0NWOGxDcwpZQlVWNkRIeFNvV3ZHUlFBSTN2RDZaUGhobUdQQzNlNitpZ1h0VmR3 +T0tRCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyB3YVdDOTRoemdjVHFLMUNEV0RXcVF3 +am9sNkY2eG9vRGZ1Qkd5aTUyVmlJCmw0ZHpqMzBWRnU1RUkraExTVDhEdnQxQU9t +STl6ckJsUFhWMmI4enVxYWcKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIG5SNEhGb3FQ +QkYxcnJBam9GazhXNE8wZW1OZlZVMnhUZnRPT0t2UkVHaG8KQmRlUkVkRk1QYlJp +Sko2OWNSb3ZLbXVGOU85dGt5ZjF4cWsrK3ZZYjJ4cwotPiBaPykzYTw6YC1ncmVh +c2UKRkhKVER5M1FWdzNScEd0STRDdit0Lzl6Vmh0RE9kQjNPWFFEWkhla2JaZlZx +QzVRMVBiSVIxbDdGaWlrZC8rcgo0Z2lRbGJwKytCRWRvRUhMSGFoclg1UjFwYTUw +VUN4UlNHaEtxZTJmQTN5MVNKcG1naDFRTncKLS0tIGNaRG5CQjNWMEozNDVQNFda +M1hoK3MyUWk4b20zN2NCa2w0NkRTM3hMdVEKVkLTC4doxAz7FnAkZfezL3XxVl48 +12l/ReMfiBHh1Fv5U2Z+/QjewTiBm+liq2zdvpAZZpiSLCPXEIAZDI8g1mC5eEgp +7jVhi78v8qPQexx3DV4t5CqWaP2tpJWXNmxQlTp0zykgxSZuMtNF4B3UefCTQK7c +RV3awDpKDj5ApyC54BhkL+OmSxlvaCwbeGL9tgNKhFV0WEwFjWHrMTI++Nu0K5mG +X8Hj0aqDKO8k5Bku+hK/LHNDT+/aCAfRfKMfwyo6ABBCej7YfTZKn/gyp+dDr6o2 +B2MBB4Dkuk7ioVgH5Iw4yxm97RHk4Ts+8Ntvhc7hOwDAnOl2bkDWBxPsqkXzHuFc +nTBTSh5Fl+/o2O+it2A5I05f9TN3ZucKtI5dkG/HSy4sDMJZ6hsFA5dXvJ1RQtfZ +qjoqjv70+zJ3fCQ939IxMBDEZhkD/WlxMnkNB3GNKZsOGd/YxyGcqVjmZ/SePMjv +qpYhdPzfoqUp5IpsaAwHexUKa5S8UaMEEfXhDbq8UlmnA+b8E6UcRlbpq3b9j8B6 +1rcXbEyHOAw5+HJDZv4= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/secrets.nix b/common/secrets/secrets/secrets.nix new file mode 100644 index 0000000..46cf81f --- /dev/null +++ b/common/secrets/secrets/secrets.nix @@ -0,0 +1,82 @@ +## To onboard a new machine, you must use a machine that is already onboarded, or the backup authority key saved in a secure location +## Once the new machine is setup at least once, then we can generate/fetch ssh keys from it and add to this list. Then rekey the secrets and commit the changes and pull down from the nix repo + +# System key: `cat /etc/ssh/ssh_host_ed25519_key.pub` +# +# from authority +# `nix run github:yaxitech/ragenix -- -i ~/.ssh/ragenix_authority --rules ~/.config/nixos-config/secrets/secrets.nix` <-r(eykey)|-e(edit) > + +let + publicKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdG4tG18VeuEr/g4GM7HWUzHuUVcR9k6oS3TPBs4JRF ragenix authority key" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzAQ2Dzl8EvQtYLjEZS5K0bQeNop8QRkwrfxMkBagW2 root@gpdPocket3" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr/aS0qyn5hCLR6wH1P2GhH3hGOqniewMkIseGZ23HB josh@gpdPocket3" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4PwrrOuZJWRjlc2dKBUKKE4ybqifJeVOn7x9J5IxIS josh@joe" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+GYfPPKxR/18RdD736G7IQhImX/CYU3A+Gifud3CHg root@joe" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9GW9W3DT9AqTonG5rDta3ziZdYOEEdukh2ErJfHxoP root@h002" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC60tzOVF0mcyfnYK2V/omzikuyE8Ol0K+yAjGxBV7q4 luser@h002" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGp6oInUcGVnDl5axV1EHflMfZUiHxtqNa4eAuye/av root@lio" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxNhtJNx/y4W54kAGmm2pF80l437z1RLWl/GTVKy0Pd josh@lio" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7bNX7R9ApoX/cHdXIhQdpA2sHrC9ii6VAulboAIJM2 root@oren" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICauUtSa71+oQAiLxp3GMMbmNXcbr9Mc7eK8b/lqZbbS josh@oren" + ]; +in +{ + ## To make a new secret: + # - FIRST add file below that you want to create + # - cd to the secrets directory here + # - `ragenix --editor=vi -v -e FILE.age` add file below and in the ragenix.nix file + # + # TODO come up with a rotate method/encrypt the device keys better. This isn't very secure feeling to me the way I am doing this now. If anyone gains access to any one of my devices, then my secrets are no longer secret. This is not a good model. + + # Git keys + "nix2github.age" = { + inherit publicKeys; + }; + "nix2bitbucket.age" = { + inherit publicKeys; + }; + "nix2gitjosh.age" = { + inherit publicKeys; + }; + # Server keys + "nix2h001.age" = { + inherit publicKeys; + }; + "nix2h002.age" = { + inherit publicKeys; + }; + "nix2joe.age" = { + inherit publicKeys; + }; + "nix2gpdPocket3.age" = { + inherit publicKeys; + }; + "nix2t.age" = { + inherit publicKeys; + }; + "nix2l002.age" = { + inherit publicKeys; + }; + # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode + "nix2linode.age" = { + inherit publicKeys; + }; + # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle + "nix2oracle.age" = { + inherit publicKeys; + }; + "nix2lio.age" = { + inherit publicKeys; + }; + "nix2oren.age" = { + inherit publicKeys; + }; + # Others + "github_read_token.age" = { + inherit publicKeys; + }; + "headscale_auth.age" = { + inherit publicKeys; + }; +} diff --git a/components/hm/direnv.nix b/components/hm/direnv.nix deleted file mode 100644 index 873b54e..0000000 --- a/components/hm/direnv.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ ... }: -{ - programs.direnv = { - enable = true; - enableZshIntegration = true; - nix-direnv.enable = true; - config = { - nix-direnv = true; - global = { - strict_env = true; - load_dotenv = true; - hide_env_diff = true; - }; - whitelist = { - prefix = [ - "~/projects" - "~/.config" - ]; - }; - home.shellAliases = { - ndr = "nix-direnv-reload"; - }; - programs.zsh.shellAliases = { - ndr = "nix-direnv-reload"; - }; - }; - }; -} diff --git a/components/hm/git.nix b/components/hm/git.nix deleted file mode 100644 index d98abc3..0000000 --- a/components/hm/git.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ ... }: -{ - programs.git = { - enable = true; - # TODO make configurable - userEmail = "ringofstorms@gmail.com"; - userName = "RingOfStorms (Joshua Bell)"; - - extraConfig = { - core.pager = "cat"; - core.editor = "nvim"; - - pull.rebase = false; - - init.defaultBranch = "main"; - }; - - difftastic = { - enable = true; - background = "dark"; - }; - - ignores = [ - # -------------- - # Intellij - # -------------- - "*.iml" - # -------------- - # MAC OS - # -------------- - ".DS_Store" - ".AppleDouble" - ".LSOverride" - # Icon must end with two \r - "Icon" - # Thumbnails - "._*" - # Files that might appear in the root of a volume - ".DocumentRevisions-V100" - ".fseventsd" - ".Spotlight-V100" - ".TemporaryItems" - ".Trashes" - ".VolumeIcon.icns" - ".com.apple.timemachine.donotpresent" - - # Directories potentially created on remote AFP share - ".AppleDB" - ".AppleDesktop" - "Network Trash Folder" - "Temporary Items" - ".apdisk" - - # direnv things - "/.direnv" - - # local only files - "*.local" - - # AI tooling - ".aider*" - "aider" - ]; - }; -} diff --git a/components/hm/kitty.nix b/components/hm/kitty.nix deleted file mode 100644 index 1b58b46..0000000 --- a/components/hm/kitty.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, lib, ... }: -{ - options.components.kitty = { - font_size = lib.mkOption { - type = lib.types.float; - default = 12.0; - description = "Font size for Kitty terminal"; - }; - }; - config = { - # Enable Kitty terminal - programs.kitty = { - enable = true; - - settings = { - # Window settings - background_opacity = 1.0; - os_window_class = "kitty"; - remember_window_size = false; - placement_strategy = "center"; - initial_window_width = "160c"; - initial_window_height = "55c"; - - # Remove window borders - hide_window_decorations = "titlebar-only"; - tab_title_template = "none"; - active_tab_title_template = "none"; - draw_minimal_borders = "yes"; - window_border_width = "0.1pt"; - - # Colors (Catppuccin Coal) - foreground = "#e0e0e0"; - background = "#262626"; - color0 = "#1f1f1f"; - color1 = "#f38ba8"; - color2 = "#a6e3a1"; - color3 = "#f9e2af"; - color4 = "#89b4fa"; - color5 = "#cba6f7"; - color6 = "#89dceb"; - color7 = "#e0e0e0"; - color8 = "#565656"; - color9 = "#f38ba8"; - color10 = "#a6e3a1"; - color11 = "#f9e2af"; - color12 = "#89b4fa"; - color13 = "#cba6f7"; - color14 = "#89dceb"; - color15 = "#ffffff"; - - # Font settings - font_family = "JetBrainsMonoNL Nerd Font"; - font_size = config.components.kitty.font_size; - bold_font = "auto"; - italic_font = "auto"; - italic_bold_font = "auto"; - }; - - # If you want to include extra configuration this way instead of through the main `settings` attribute - extraConfig = '' - # You can add additional config here if needed - ''; - }; - }; -} diff --git a/components/hm/launcher_rofi.nix b/components/hm/launcher_rofi.nix deleted file mode 100644 index 353b29e..0000000 --- a/components/hm/launcher_rofi.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - pkgs, - ... -}: -{ - programs.rofi = { - enable = true; - plugins = with pkgs; [ rofi-calc ]; - extraConfig = { - modi = "drun,run,ssh,window,calc"; - terminal = "alacritty"; - }; - theme = "glue_pro_blue"; - }; - programs.wofi = { - enable = true; - }; -} diff --git a/components/hm/nix_deprecations.nix b/components/hm/nix_deprecations.nix deleted file mode 100644 index d281d87..0000000 --- a/components/hm/nix_deprecations.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ ... }: -{ - programs.zsh.shellAliases = { - # Nix deprecations - nix-hash = "echo 'The functionality of nix-hash may be covered by various subcommands or options in the new `nix` command.'"; - nix-build = "echo 'Use `nix build` instead.'"; - nix-info = "echo 'Use `nix flake info` or other `nix` subcommands to obtain system and Nix information.'"; - nix-channel = "echo 'Channels are being phased out in favor of flakes. Use `nix flake` subcommands.'"; - nix-instantiate = "echo 'Use `nix eval` or `nix-instantiate` with flakes.'"; - nix-collect-garbage = "echo 'Use `nix store gc` instead.'"; - nix-prefetch-url = "echo 'Use `nix-prefetch` or fetchers in Nix expressions.'"; - nix-copy-closure = "echo 'Use `nix copy` instead.'"; - nix-shell = "echo 'Use `nix shell` instead.'"; - # nix-daemon # No direct replacement: The Nix daemon is still in use and managed by the system service manager. - nix-store = "echo 'Use `nix store` subcommands for store operations.'"; - nix-env = "echo 'Use `nix profile` instead'"; - }; -} diff --git a/components/hm/obs.nix b/components/hm/obs.nix deleted file mode 100644 index 68d6d68..0000000 --- a/components/hm/obs.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - programs.obs-studio.enable = true; -} diff --git a/components/hm/postgres.nix b/components/hm/postgres.nix deleted file mode 100644 index 053099b..0000000 --- a/components/hm/postgres.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - home.file.".psqlrc".text = '' - \pset pager off - ''; -} - diff --git a/components/hm/slicer.nix b/components/hm/slicer.nix deleted file mode 100644 index 4361d5a..0000000 --- a/components/hm/slicer.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ pkgs, ... }: -let - orca-slicer-fix = pkgs.stdenv.mkDerivation { - name = "orca-slicer"; - buildInputs = [ pkgs.makeWrapper ]; - unpackPhase = "true"; - buildPhase = '' - mkdir -p $out/bin - makeWrapper ${pkgs.orca-slicer}/bin/orca-slicer $out/bin/orca-slicer \ - --set WEBKIT_DISABLE_DMABUF_RENDERER 1 - ''; - - installPhase = '' - mkdir -p $out/share/applications - cat > $out/share/applications/orca-slicer.desktop <