diff --git a/common/_containers/forgejo.nix b/common/_containers/forgejo.nix new file mode 100644 index 0000000..92793a9 --- /dev/null +++ b/common/_containers/forgejo.nix @@ -0,0 +1,196 @@ +{ + config, + lib, + ... +}: +let + name = "forgejo"; + + hostDataDir = "/var/lib/${name}"; + + hostAddress = "10.0.0.1"; + containerAddress = "10.0.0.2"; + hostAddress6 = "fc00::1"; + containerAddress6 = "fc00::2"; + + binds = [ + # Postgres data, must use postgres user in container and host + { + host = "${hostDataDir}/postgres"; + # Adjust based on container postgres data dir + container = "/var/lib/postgresql/17"; + user = "postgres"; + uid = config.ids.uids.postgres; + gid = config.ids.gids.postgres; + } + # Postgres backups + { + host = "${hostDataDir}/backups/postgres"; + container = "/var/backup/postgresql"; + user = "postgres"; + uid = config.ids.uids.postgres; + gid = config.ids.gids.postgres; + } + # App data, uses custom user uid + { + host = "${hostDataDir}/data"; + container = "/var/lib/forgejo"; + user = "forgejo"; + uid = 115; + gid = 115; + } + ]; + uniqueUsers = lib.foldl' ( + acc: bind: if lib.lists.any (item: item.user == bind.user) acc then acc else acc ++ [ bind ] + ) [ ] binds; + users = { + users = lib.listToAttrs ( + lib.map (u: { + name = u.user; + value = { + isSystemUser = true; + name = u.user; + uid = u.uid; + group = u.user; + }; + }) uniqueUsers + ); + + groups = lib.listToAttrs ( + lib.map (g: { + name = g.user; + value.gid = g.gid; + }) uniqueUsers + ); + }; +in +{ + # Ensure users exists on host machine with same IDs as container + inherit users; + + # Ensure directories exist on host machine + system.activationScripts.createMediaServerDirs = '' + ${lib.concatStringsSep "\n" ( + lib.map (bind: '' + mkdir -p ${bind.host} + chown -R ${toString bind.user}:${toString bind.gid} ${bind.host} + chmod -R 750 ${bind.host} + '') binds + )} + ''; + + containers.${name} = { + ephemeral = true; + autoStart = true; + privateNetwork = true; + hostAddress = hostAddress; + localAddress = containerAddress; + hostAddress6 = hostAddress6; + localAddress6 = containerAddress6; + bindMounts = lib.foldl ( + acc: bind: + { + "${bind.container}" = { + hostPath = bind.host; + isReadOnly = false; + }; + } + // acc + ) { } binds; + config = + { config, pkgs, ... }: + { + system.stateVersion = "24.11"; + + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ + 3000 + 3032 + ]; + }; + # Use systemd-resolved inside the container + # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 + useHostResolvConf = lib.mkForce false; + }; + services.resolved.enable = true; + + # Ensure users exist on container + inherit users; + + services.postgresql = { + enable = true; + package = pkgs.postgresql_17.withJIT; + enableJIT = true; + authentication = '' + local all all trust + host all all 127.0.0.1/8 trust + host all all ::1/128 trust + host all all fc00::1/128 trust + ''; + }; + + # Backup database + services.postgresqlBackup = { + enable = true; + }; + + services.forgejo = { + enable = true; + dump = { + enable = false; + type = "tar.gz"; + }; + database = { + type = "postgres"; + }; + settings = { + DEFAULT = { + APP_NAME = "Josh's Git"; + }; + server = { + PROTOCOL = "http"; + DOMAIN = "git.joshuabell.xyz"; + HTTP_ADDR = "0.0.0.0"; + HTTP_PORT = 3000; + + START_SSH_SERVER = true; + SSH_DOMAIN = "git.joshuabell.xyz"; + SSH_LISTEN_HOST = "0.0.0.0"; + SSH_LISTEN_PORT = 3032; # actual listen port + SSH_PORT = 3032; # used in UI + BUILTIN_SSH_SERVER_USER = "git"; + + LANDING_PAGE = "explore"; + }; + service = { + DISABLE_REGISTRATION = true; + ENABLE_BASIC_AUTHENTICATION = false; + DISABLE_USERS_PAGE = true; + DISABLE_ORGANIZATIONS_PAGE = true; + }; + repository = { + # ENABLE_PUSH_CREATE_USER = true; + # ENABLE_PUSH_CREATE_ORG = true; + DISABLE_STARS = true; + DEFAULT_PRIVATE = "private"; + }; + admin = { + DISABLE_REGULAR_ORG_CREATION = true; + USER_DISABLED_FEATURES = "deletion"; + }; + other = { + SHOW_FOOTER_POWERED_BY = false; + SHOW_FOOTER_VERSION = false; + SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; + }; + migrations = { + ALLOWED_DOMAINS = "*.github.com,github.com"; + ALLOW_LOCALNETWORKS = true; + }; + }; + }; + }; + }; +} diff --git a/common/_containers/obsidian_sync.md b/common/_containers/obsidian_sync.md new file mode 100644 index 0000000..98f7e11 --- /dev/null +++ b/common/_containers/obsidian_sync.md @@ -0,0 +1,7 @@ +docker run \ + -e hostname=https://obsidiansync.joshuabell.xyz \ + -e database=obsidian_sync \ + -e username=obsidian_admin \ + -e password=$REPLACE \ + docker.io/oleduc/docker-obsidian-livesync-couchdb:master \ + deno -A /scripts/generate_setupuri.ts diff --git a/common/_containers/obsidian_sync.nix b/common/_containers/obsidian_sync.nix new file mode 100644 index 0000000..42f8b52 --- /dev/null +++ b/common/_containers/obsidian_sync.nix @@ -0,0 +1,61 @@ +{ + config, + pkgs, + ... +}: +let + cfg = config.services.obsidian_sync; +in +{ + options.services.obsidian_sync = + let + lib = pkgs.lib; + in + { + port = lib.mkOption { + type = lib.types.port; + default = 5984; + description = "Port number for Obsidian Sync CouchDB server"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/obsidian_sync"; + description = "Directory to store Obsidian Sync data"; + }; + serverUrl = lib.mkOption { + type = lib.types.str; + description = "URL of the Obsidian Sync server"; + }; + dockerEnvFiles = lib.mkOption { + type = lib.types.listOf lib.types.path; + default = [ ]; + description = "List of environment files to be used by the Obsidian Sync container. When provided you must supply chouchdb user/password env files they will not be supplied by default."; + }; + }; + + config = { + virtualisation.oci-containers.containers = { + ############# + # obsidian_sync # + ############# + obsidian_sync = { + user = "root"; + image = "docker.io/oleduc/docker-obsidian-livesync-couchdb:master"; + ports = [ + "${toString cfg.port}:${toString cfg.port}" + ]; + environment = { + SERVER_URL = cfg.serverUrl; + COUCHDB_DATABASE = "obsidian_sync"; + COUCHDB_USER = pkgs.lib.mkIf (cfg.dockerEnvFiles == [ ]) "adminu"; + COUCHDB_PASSWORD = pkgs.lib.mkIf (cfg.dockerEnvFiles == [ ]) "Password123"; + }; + environmentFiles = cfg.dockerEnvFiles; + volumes = [ + "${cfg.dataDir}/data:/opt/couchdb/data" + "${cfg.dataDir}/config:/opt/couchdb/etc/local.d" + ]; + }; + }; + }; +} diff --git a/common/_home_manager/default.nix b/common/_home_manager/default.nix new file mode 100644 index 0000000..de3d9b7 --- /dev/null +++ b/common/_home_manager/default.nix @@ -0,0 +1,52 @@ +{ + config, + lib, + hyprland, + hyprlandPkgs, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "homeManager" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + users = lib.mkOption { + type = lib.types.attrsOf lib.types.attrs; + default = { }; + description = "Home manager users to configure. Should match nix options of home-manager.users..*"; + }; + stateVersion = lib.mkOption { + type = lib.types.str; + default = "25.05"; + description = "Home manager state version"; + }; + }; + config = { + # Home manager options + security.polkit.enable = true; + home-manager.useUserPackages = true; + home-manager.useGlobalPkgs = true; + home-manager.backupFileExtension = "bak"; + + home-manager.extraSpecialArgs = { + inherit hyprland hyprlandPkgs; + }; + + home-manager.users = lib.mapAttrs' (name: userConfig: { + inherit name; + value = userConfig // { + home.stateVersion = cfg.stateVersion; + programs.home-manager.enable = true; + home.username = name; + home.homeDirectory = lib.mkForce (if name == "root" then "/root" else "/home/${name}"); + }; + }) cfg.users; + }; +} diff --git a/flakes/common/hm_modules/alacritty.nix b/common/_home_manager/mods/alacritty.nix similarity index 96% rename from flakes/common/hm_modules/alacritty.nix rename to common/_home_manager/mods/alacritty.nix index 02cb9d6..0794c15 100644 --- a/flakes/common/hm_modules/alacritty.nix +++ b/common/_home_manager/mods/alacritty.nix @@ -6,7 +6,6 @@ window = { decorations = "None"; dynamic_title = false; - opacity = 0.94; }; colors = { primary = { diff --git a/flakes/common/hm_modules/atuin.nix b/common/_home_manager/mods/atuin.nix similarity index 64% rename from flakes/common/hm_modules/atuin.nix rename to common/_home_manager/mods/atuin.nix index 021745f..2eb52df 100644 --- a/flakes/common/hm_modules/atuin.nix +++ b/common/_home_manager/mods/atuin.nix @@ -1,18 +1,16 @@ { ... }: -# TODO setup auto secret/login for sync { programs.atuin = { enable = true; - enableZshIntegration = true; # TODO make dynamic? + enableZshIntegration = true; flags = [ "--disable-up-arrow" ]; settings = { workspaces = true; exit-mode = "return-query"; enter_accept = true; sync_address = "https://atuin.joshuabell.xyz"; - sync = { - records = true; - }; + sync = { records = true; }; }; }; } + diff --git a/flakes/common/hm_modules/direnv.nix b/common/_home_manager/mods/direnv.nix similarity index 100% rename from flakes/common/hm_modules/direnv.nix rename to common/_home_manager/mods/direnv.nix diff --git a/common/_home_manager/mods/foot.nix b/common/_home_manager/mods/foot.nix new file mode 100644 index 0000000..cffbb53 --- /dev/null +++ b/common/_home_manager/mods/foot.nix @@ -0,0 +1,61 @@ +{ config, lib, ... }: +{ + options.components.foot = { + font_size = lib.mkOption { + type = lib.types.float; + default = 12.0; + description = "Font size for Foot terminal"; + }; + alpha = lib.mkOption { + type = lib.types.float; + default = 0.94; + description = "Background opacity for Foot terminal (1.0 = opaque)"; + }; + }; + config = { + programs.foot = { + enable = true; + + # This renders to ~/.config/foot/foot.ini + settings = { + main = { + # Use the same font and size as your Kitty config + font = "JetBrainsMonoNL Nerd Font:size=${toString config.components.kitty.font_size}"; + + # Initial window size in character cells (Kitty used 160c x 55c) + "initial-window-size-chars" = "160x55"; + }; + + colors = { + # Background opacity (1.0 = opaque) + alpha = toString config.components.foot.alpha; + + # Foreground/background + foreground = "e0e0e0"; + background = "262626"; + + # 16-color palette + # normal (0–7) + regular0 = "1f1f1f"; # black + regular1 = "f38ba8"; # red + regular2 = "a6e3a1"; # green + regular3 = "f9e2af"; # yellow + regular4 = "89b4fa"; # blue + regular5 = "cba6f7"; # magenta + regular6 = "89dceb"; # cyan + regular7 = "e0e0e0"; # white + + # bright (8–15) + bright0 = "565656"; # bright black + bright1 = "f38ba8"; # bright red + bright2 = "a6e3a1"; # bright green + bright3 = "f9e2af"; # bright yellow + bright4 = "89b4fa"; # bright blue + bright5 = "cba6f7"; # bright magenta + bright6 = "89dceb"; # bright cyan + bright7 = "ffffff"; # bright white + }; + }; + }; + }; +} diff --git a/flakes/common/hm_modules/git.nix b/common/_home_manager/mods/git.nix similarity index 94% rename from flakes/common/hm_modules/git.nix rename to common/_home_manager/mods/git.nix index 406d280..5e84a6c 100644 --- a/flakes/common/hm_modules/git.nix +++ b/common/_home_manager/mods/git.nix @@ -7,7 +7,7 @@ userName = "RingOfStorms (Joshua Bell)"; extraConfig = { - core.pager = "bat"; + core.pager = "cat"; core.editor = "nano"; pull.rebase = false; @@ -55,10 +55,13 @@ # direnv things ".direnv" - ".envrc" # local only files "*.local" + + # AI tooling + ".aider*" + "aider" ]; }; } diff --git a/common/_home_manager/mods/kitty.nix b/common/_home_manager/mods/kitty.nix new file mode 100644 index 0000000..1b58b46 --- /dev/null +++ b/common/_home_manager/mods/kitty.nix @@ -0,0 +1,65 @@ +{ config, lib, ... }: +{ + options.components.kitty = { + font_size = lib.mkOption { + type = lib.types.float; + default = 12.0; + description = "Font size for Kitty terminal"; + }; + }; + config = { + # Enable Kitty terminal + programs.kitty = { + enable = true; + + settings = { + # Window settings + background_opacity = 1.0; + os_window_class = "kitty"; + remember_window_size = false; + placement_strategy = "center"; + initial_window_width = "160c"; + initial_window_height = "55c"; + + # Remove window borders + hide_window_decorations = "titlebar-only"; + tab_title_template = "none"; + active_tab_title_template = "none"; + draw_minimal_borders = "yes"; + window_border_width = "0.1pt"; + + # Colors (Catppuccin Coal) + foreground = "#e0e0e0"; + background = "#262626"; + color0 = "#1f1f1f"; + color1 = "#f38ba8"; + color2 = "#a6e3a1"; + color3 = "#f9e2af"; + color4 = "#89b4fa"; + color5 = "#cba6f7"; + color6 = "#89dceb"; + color7 = "#e0e0e0"; + color8 = "#565656"; + color9 = "#f38ba8"; + color10 = "#a6e3a1"; + color11 = "#f9e2af"; + color12 = "#89b4fa"; + color13 = "#cba6f7"; + color14 = "#89dceb"; + color15 = "#ffffff"; + + # Font settings + font_family = "JetBrainsMonoNL Nerd Font"; + font_size = config.components.kitty.font_size; + bold_font = "auto"; + italic_font = "auto"; + italic_bold_font = "auto"; + }; + + # If you want to include extra configuration this way instead of through the main `settings` attribute + extraConfig = '' + # You can add additional config here if needed + ''; + }; + }; +} diff --git a/flakes/common/hm_modules/launcher_rofi.nix b/common/_home_manager/mods/launcher_rofi.nix similarity index 89% rename from flakes/common/hm_modules/launcher_rofi.nix rename to common/_home_manager/mods/launcher_rofi.nix index df884a9..353b29e 100644 --- a/flakes/common/hm_modules/launcher_rofi.nix +++ b/common/_home_manager/mods/launcher_rofi.nix @@ -10,7 +10,7 @@ modi = "drun,run,ssh,window,calc"; terminal = "alacritty"; }; - theme = "Arc-Dark"; + theme = "glue_pro_blue"; }; programs.wofi = { enable = true; diff --git a/common/_home_manager/mods/nix_deprecations.nix b/common/_home_manager/mods/nix_deprecations.nix new file mode 100644 index 0000000..d281d87 --- /dev/null +++ b/common/_home_manager/mods/nix_deprecations.nix @@ -0,0 +1,18 @@ +{ ... }: +{ + programs.zsh.shellAliases = { + # Nix deprecations + nix-hash = "echo 'The functionality of nix-hash may be covered by various subcommands or options in the new `nix` command.'"; + nix-build = "echo 'Use `nix build` instead.'"; + nix-info = "echo 'Use `nix flake info` or other `nix` subcommands to obtain system and Nix information.'"; + nix-channel = "echo 'Channels are being phased out in favor of flakes. Use `nix flake` subcommands.'"; + nix-instantiate = "echo 'Use `nix eval` or `nix-instantiate` with flakes.'"; + nix-collect-garbage = "echo 'Use `nix store gc` instead.'"; + nix-prefetch-url = "echo 'Use `nix-prefetch` or fetchers in Nix expressions.'"; + nix-copy-closure = "echo 'Use `nix copy` instead.'"; + nix-shell = "echo 'Use `nix shell` instead.'"; + # nix-daemon # No direct replacement: The Nix daemon is still in use and managed by the system service manager. + nix-store = "echo 'Use `nix store` subcommands for store operations.'"; + nix-env = "echo 'Use `nix profile` instead'"; + }; +} diff --git a/common/_home_manager/mods/obs.nix b/common/_home_manager/mods/obs.nix new file mode 100644 index 0000000..68d6d68 --- /dev/null +++ b/common/_home_manager/mods/obs.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + programs.obs-studio.enable = true; +} diff --git a/flakes/common/hm_modules/postgres_cli_options.nix b/common/_home_manager/mods/postgres.nix similarity index 100% rename from flakes/common/hm_modules/postgres_cli_options.nix rename to common/_home_manager/mods/postgres.nix diff --git a/flakes/common/hm_modules/slicer.nix b/common/_home_manager/mods/slicer.nix similarity index 100% rename from flakes/common/hm_modules/slicer.nix rename to common/_home_manager/mods/slicer.nix diff --git a/flakes/common/hm_modules/ssh.nix b/common/_home_manager/mods/ssh.nix similarity index 96% rename from flakes/common/hm_modules/ssh.nix rename to common/_home_manager/mods/ssh.nix index e86e3ab..50c4e68 100644 --- a/flakes/common/hm_modules/ssh.nix +++ b/common/_home_manager/mods/ssh.nix @@ -129,11 +129,6 @@ in user = "luser"; }; "h003" = lib.mkIf (hasSecret "nix2h003") { - identityFile = age.secrets.nix2h003.path; - hostname = "10.12.14.1"; - user = "luser"; - }; - "h003_" = lib.mkIf (hasSecret "nix2h003") { identityFile = age.secrets.nix2h003.path; user = "luser"; }; diff --git a/flakes/common/hm_modules/starship.nix b/common/_home_manager/mods/starship.nix similarity index 100% rename from flakes/common/hm_modules/starship.nix rename to common/_home_manager/mods/starship.nix diff --git a/flakes/common/hm_modules/tmux/tmux-reset.conf b/common/_home_manager/mods/tmux/tmux-reset.conf similarity index 87% rename from flakes/common/hm_modules/tmux/tmux-reset.conf rename to common/_home_manager/mods/tmux/tmux-reset.conf index 1ab2830..fd5dd3d 100644 --- a/flakes/common/hm_modules/tmux/tmux-reset.conf +++ b/common/_home_manager/mods/tmux/tmux-reset.conf @@ -35,20 +35,11 @@ bind -r right select-pane -R bind x kill-pane bind -r space resize-pane -Z bind S select-layout tiled - bind -r h select-pane -L bind -r j select-pane -D bind -r k select-pane -U bind -r l select-pane -R -bind -r C-h swap-pane -t '{left-of}' -bind -r C-j swap-pane -D -bind -r C-k swap-pane -U -bind -r C-l swap-pane -t '{right-of}' -bind -n C-Left resize-pane -L 5 -bind -n C-Down resize-pane -D 5 -bind -n C-Up resize-pane -U 5 -bind -n C-Right resize-pane -R 5 # Sessions bind $ command-prompt "rename-session %%" diff --git a/flakes/common/hm_modules/tmux/default.nix b/common/_home_manager/mods/tmux/tmux.nix similarity index 97% rename from flakes/common/hm_modules/tmux/default.nix rename to common/_home_manager/mods/tmux/tmux.nix index 6d67f51..7e3038b 100644 --- a/flakes/common/hm_modules/tmux/default.nix +++ b/common/_home_manager/mods/tmux/tmux.nix @@ -68,4 +68,9 @@ } ]; }; + + home.shellAliases = { + t = "tmux"; + tat = "tmux attach-session"; + }; } diff --git a/flakes/common/hm_modules/zoxide.nix b/common/_home_manager/mods/zoxide.nix similarity index 100% rename from flakes/common/hm_modules/zoxide.nix rename to common/_home_manager/mods/zoxide.nix diff --git a/flakes/common/hm_modules/zsh.nix b/common/_home_manager/mods/zsh.nix similarity index 100% rename from flakes/common/hm_modules/zsh.nix rename to common/_home_manager/mods/zsh.nix diff --git a/common/boot/default.nix b/common/boot/default.nix new file mode 100644 index 0000000..9561386 --- /dev/null +++ b/common/boot/default.nix @@ -0,0 +1,35 @@ +{ config, lib, ... }: +let + ccfg = import ../config.nix; + cfg = config.${ccfg.custom_config_key}.boot; +in +{ + imports = [ + ./grub.nix + ./systemd.nix + ]; + config = { + assertions = [ + ( + let + enabledBootloaders = lib.filter (x: x.enabled) [ + { + name = "systemd"; + enabled = cfg.systemd.enable; + } + { + name = "grub"; + enabled = cfg.grub.enable; + } + ]; + in + { + assertion = lib.length enabledBootloaders <= 1; + message = + "Only one bootloader can be enabled at a time. Enabled: " + + lib.concatStringsSep ", " (map (x: x.name) enabledBootloaders); + } + ) + ]; + }; +} diff --git a/common/boot/grub.nix b/common/boot/grub.nix new file mode 100644 index 0000000..c922d57 --- /dev/null +++ b/common/boot/grub.nix @@ -0,0 +1,35 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "boot" + "grub" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "Grub bootloader"; + device = lib.mkOption { + type = lib.types.str; + default = "/dev/sda"; + description = '' + The device to install GRUB on. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + boot.loader.grub = { + enable = true; + device = cfg.device; + }; + }; +} diff --git a/common/boot/systemd.nix b/common/boot/systemd.nix new file mode 100644 index 0000000..7021795 --- /dev/null +++ b/common/boot/systemd.nix @@ -0,0 +1,33 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "boot" + "systemd" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "Systemd bootloader"; + }; + config = lib.mkIf cfg.enable { + boot.loader = { + systemd-boot = { + enable = true; + consoleMode = "keep"; + }; + timeout = 5; + efi = { + canTouchEfiVariables = true; + }; + }; + }; +} diff --git a/common/config.nix b/common/config.nix new file mode 100644 index 0000000..3292380 --- /dev/null +++ b/common/config.nix @@ -0,0 +1,3 @@ +{ + custom_config_key = "ringofstorms_common"; +} diff --git a/common/desktop_environment/cosmic/default.nix b/common/desktop_environment/cosmic/default.nix new file mode 100644 index 0000000..6a81d92 --- /dev/null +++ b/common/desktop_environment/cosmic/default.nix @@ -0,0 +1,57 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../../config.nix; + cfg_path = [ ccfg.custom_config_key "desktopEnvironment" "cosmic" ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +with lib; +{ + options = {} + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "COSMIC desktop environment (System76)"; + terminalCommand = mkOption { + type = lib.types.str; + default = "foot"; + description = "The terminal command to use."; + }; + }; + + config = lib.mkIf cfg.enable { + services.greetd = { + enable = true; + vt = 2; + # settings.default_session = { + # command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --cmd '${pkgs.dbus}/bin/dbus-run-session ${pkgs.cosmic}/bin/cosmic-session'"; + # user = "greeter"; + # }; + }; + + # Caps Lock as Escape for console/tty + console.useXkbConfig = true; + services.xserver.xkb = { + layout = "us"; + options = "caps:escape"; + }; + + environment.systemPackages = with pkgs; [ + wl-clipboard + wofi + btop + ]; + + xdg.portal.enable = true; + + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + GTK_THEME = "Adwaita:dark"; + }; + + qt = { enable = true; platformTheme = "gtk2"; style = "adwaita-dark"; }; + hardware.graphics.enable = true; + }; +} diff --git a/common/desktop_environment/default.nix b/common/desktop_environment/default.nix new file mode 100644 index 0000000..6e50a40 --- /dev/null +++ b/common/desktop_environment/default.nix @@ -0,0 +1,50 @@ +{ config, lib, ... }: +let + ccfg = import ../config.nix; + cfg = config.${ccfg.custom_config_key}.desktopEnvironment; +in +{ + imports = [ + ./gnome + # ./hyprland + ./sway + ./cosmic + ./i3 + ]; + config = { + assertions = [ + ( + let + enabledDEs = lib.filter (x: x.enabled) [ + { + name = "gnome"; + enabled = cfg.gnome.enable; + } + # { + # name = "hyprland"; + # enabled = cfg.hyprland.enable; + # } + { + name = "sway"; + enabled = cfg.sway.enable; + } + { + name = "cosmic"; + enabled = cfg.cosmic.enable; + } + { + name = "i3"; + enabled = cfg.i3.enable; + } + ]; + in + { + assertion = lib.length enabledDEs <= 1; + message = + "Only one desktop environment can be enabled at a time. Enabled: " + + lib.concatStringsSep ", " (map (x: x.name) enabledDEs); + } + ) + ]; + }; +} diff --git a/common/desktop_environment/gnome/black.png b/common/desktop_environment/gnome/black.png new file mode 100644 index 0000000..b87512f Binary files /dev/null and b/common/desktop_environment/gnome/black.png differ diff --git a/common/desktop_environment/gnome/dconf.nix b/common/desktop_environment/gnome/dconf.nix new file mode 100644 index 0000000..141baa7 --- /dev/null +++ b/common/desktop_environment/gnome/dconf.nix @@ -0,0 +1,208 @@ +{ cfg }: +{ + lib, + pkgs, + ... +}: +{ + config = lib.mkIf cfg.enable { + home-manager.sharedModules = [ + ( + { lib, ... }: + with lib.hm.gvariant; + { + # use `dconf dump /` before and after and diff the files for easy editing of dconf below + # dconf dump / > /tmp/dconf_dump_start && watch -n0.5 "dconf dump / > /tmp/dconf_dump_current && \diff --color /tmp/dconf_dump_start /tmp/dconf_dump_current -U12" + # To get nix specific diff: + # \diff -u /tmp/dconf_dump_start /tmp/dconf_dump_current | grep '^+[^+]' | sed 's/^+//' | dconf2nix + # OR (Must be logged into user directly, no SU to user will work): `dconf watch /` + # OR get the exact converted nixConfig from `dconf dump / | dconf2nix | less` and search with forward slash + dconf.settings = { + "org/gnome/shell" = { + favorite-apps = [ ]; + enabled-extensions = with pkgs.gnomeExtensions; [ + vertical-workspaces.extensionUuid + compact-top-bar.extensionUuid + tray-icons-reloaded.extensionUuid + vitals.extensionUuid + ] ++ lib.optionals cfg.enableRotate [ + screen-rotate.extensionUuid + ]; + }; + + # Plugin Settings + "org/gnome/shell/extensions/vertical-workspaces" = { + animation-speed-factor = 42; + center-dash-to-ws = false; + dash-bg-color = 0; + dash-position = 2; + dash-position-adjust = 0; + hot-corner-action = 0; + startup-state = 1; + ws-switcher-wraparound = true; + }; + "org/gnome/shell/extensions/compact-top-bar" = { + fade-text-on-fullscreen = true; + }; + "org/gnome/shell/extensions/vitals" = { + position-in-panel = 1; + }; + + # Built in settings + "org/gnome/desktop/session" = { + idle-delay = mkUint32 0; + }; + "org/gnome/desktop/wm/preferences" = { + resize-with-right-button = true; + button-layout = "maximize:appmenu,close"; + audible-bell = false; + wrap-around = true; + }; + "org/gnome/settings-daemon/plugins/media-keys" = { + # Disable the lock screen shortcut + screensaver = [ "" ]; + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "Return"; + command = cfg.terminalCommand; + name = "Launch terminal"; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = { + binding = "Space"; + command = "wofi"; + name = "Launcher"; + }; + "org/gnome/desktop/wm/keybindings" = { + minimize = [ "" ]; + move-to-workspace-1 = [ "" ]; + move-to-workspace-2 = [ "" ]; + move-to-workspace-3 = [ "" ]; + move-to-workspace-4 = [ "" ]; + move-to-workspace-last = [ "" ]; + move-to-workspace-down = [ "j" ]; + move-to-workspace-up = [ "k" ]; + # move-to-workspace-left = [ "h" ]; + # move-to-workspace-right = [ "l" ]; + switch-input-source = [ ]; + switch-input-source-backward = [ ]; + switch-to-workspace-1 = [ "1" ]; + switch-to-workspace-2 = [ "2" ]; + switch-to-workspace-3 = [ "3" ]; + switch-to-workspace-4 = [ "4" ]; + switch-to-workspace-last = [ "" ]; + switch-to-workspace-down = [ "j" ]; + switch-to-workspace-up = [ "k" ]; + # switch-to-workspace-left = [ "k" ]; + # switch-to-workspace-right = [ "j" ]; + # move-to-monitor-down = [ "j" ]; + # move-to-monitor-up = [ "k" ]; + move-to-monitor-left = [ "h" ]; + move-to-monitor-right = [ "l" ]; + unmaximize = [ "j" ]; + maximize = [ "k" ]; + }; + "org/gnome/mutter" = { + dynamic-workspaces = true; + edge-tiling = true; + workspaces-only-on-primary = true; + center-new-windows = true; + }; + "org/gnome/mutter/keybindings" = { + toggle-tiled-right = [ "l" ]; + toggle-tiled-left = [ "h" ]; + }; + "org/gnome/settings-daemon/plugins/power" = { + power-button-action = "nothing"; + sleep-inactive-ac-type = "nothing"; + sleep-inactive-battery-type = "nothing"; + idle-brightness = 15; + power-saver-profile-on-low-battery = false; + }; + "org/gnome/desktop/background" = { + color-shading-type = "solid"; + picture-options = "zoom"; + picture-uri = "file://" + (./black.png); + picture-uri-dark = "file://" + (./black.png); + primary-color = "#000000000000"; + secondary-color = "#000000000000"; + }; + "org/gnome/desktop/screensaver" = { + lock-enabled = false; + idle-activation-enabled = false; + picture-options = "zoom"; + picture-uri = "file://" + (./black.png); + picture-uri-dark = "file://" + (./black.png); + }; + "org/gnome/desktop/applications/terminal" = { + exec = "alacritty"; + }; + "org/gnome/settings-daemon/plugins/color" = { + night-light-enabled = false; + night-light-schedule-automatic = false; + }; + "org/gnome/shell/keybindings" = { + shift-overview-down = [ "" ]; + shift-overview-up = [ "" ]; + switch-to-application-1 = [ "" ]; + switch-to-application-2 = [ "" ]; + switch-to-application-3 = [ "" ]; + switch-to-application-4 = [ "" ]; + switch-to-application-5 = [ "" ]; + switch-to-application-6 = [ "" ]; + switch-to-application-7 = [ "" ]; + switch-to-application-8 = [ "" ]; + switch-to-application-9 = [ "" ]; + toggle-quick-settings = [ "" ]; + toggle-application-view = [ "" ]; + }; + "org/gtk/gtk4/settings/file-chooser" = { + show-hidden = true; + }; + + "org/gnome/desktop/interface" = { + accent-color = "orange"; + show-battery-percentage = true; + clock-show-date = true; + clock-show-seconds = true; + clock-show-weekday = true; + color-scheme = "prefer-dark"; + cursor-size = 24; + enable-animations = true; + enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + gtk-theme = "Adwaita-dark"; + # icon-theme = "Yaru-magenta-dark"; + }; + + "org/gnome/desktop/notifications" = { + application-children = [ "org-gnome-tweaks" ]; + }; + + "org/gnome/desktop/notifications/application/org-gnome-tweaks" = { + application-id = "org.gnome.tweaks.desktop"; + }; + + "org/gnome/desktop/peripherals/mouse" = { + natural-scroll = false; + }; + + "org/gnome/desktop/peripherals/touchpad" = { + disable-while-typing = true; + two-finger-scrolling-enabled = true; + natural-scroll = true; + }; + + "org/gnome/tweaks" = { + show-extensions-notice = false; + }; + }; + } + ) + ]; + }; +} diff --git a/common/desktop_environment/gnome/default.nix b/common/desktop_environment/gnome/default.nix new file mode 100644 index 0000000..9f36b57 --- /dev/null +++ b/common/desktop_environment/gnome/default.nix @@ -0,0 +1,86 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "gnome" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +with lib; +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "gnome desktop environment"; + terminalCommand = mkOption { + type = lib.types.str; + default = "kitty"; + description = "The terminal command to use."; + }; + enableRotate = lib.mkEnableOption "enable screen rotation"; + }; + + imports = [ + (import ./dconf.nix { inherit cfg; }) + (import ./wofi.nix { inherit cfg; }) + ]; + + config = lib.mkIf cfg.enable { + services.xserver = { + enable = true; + desktopManager.gnome.enable = true; + displayManager.gdm = { + enable = true; + autoSuspend = false; + wayland = true; + }; + }; + services.gnome.gnome-initial-setup.enable = false; + + environment.gnome.excludePackages = with pkgs; [ + gnome-backgrounds + gnome-video-effects + gnome-maps + gnome-music + gnome-tour + gnome-text-editor + gnome-user-docs + ]; + environment.systemPackages = with pkgs; [ + dconf-editor + dconf2nix + gnome-tweaks + wayland + wayland-utils + wl-clipboard + numix-cursor-theme + gnomeExtensions.vertical-workspaces + gnomeExtensions.compact-top-bar + gnomeExtensions.tray-icons-reloaded + gnomeExtensions.vitals + ] ++ lib.optionals cfg.enableRotate [ + gnomeExtensions.screen-rotate + ]; + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + GTK_THEME = "Adwaita:dark"; + }; + + qt = { + enable = true; + platformTheme = "gnome"; + style = "adwaita-dark"; + }; + + hardware.graphics = { + enable = true; + }; + }; +} diff --git a/common/desktop_environment/gnome/wofi.css b/common/desktop_environment/gnome/wofi.css new file mode 100644 index 0000000..976c0ef --- /dev/null +++ b/common/desktop_environment/gnome/wofi.css @@ -0,0 +1,51 @@ +window { + margin: 0px; + border: 1px solid #171717; + background-color: #262626; +} + +#input { + margin: 5px; + border: none; + color: #e0e0e0; + background-color: #1f1f1f; +} + +#inner-box { + margin: 5px; + border: none; + background-color: #171717; +} + +#outer-box { + margin: 5px; + border: none; + background-color: #191919; +} + +#scroll { + margin: 0px; + border: none; +} + +#text { + margin: 5px; + border: none; + color: #e0e0e0; +} + +#entry.activatable #text { + color: #cccccc; +} + +#entry>* { + color: #e0e0e0; +} + +#entry:selected { + background-color: #4f4f4f; +} + +#entry:selected #text { + font-weight: bold; +} diff --git a/common/desktop_environment/gnome/wofi.nix b/common/desktop_environment/gnome/wofi.nix new file mode 100644 index 0000000..d3cd8e2 --- /dev/null +++ b/common/desktop_environment/gnome/wofi.nix @@ -0,0 +1,31 @@ +{ cfg }: +{ lib, ... }: +{ + config = lib.mkIf cfg.enable { + home-manager.sharedModules = [ + ( + { lib, ... }: + { + programs.wofi = { + enable = true; + settings = { + width = "28%"; + height = "38%"; + show = "drun"; + location = "center"; + gtk_dark = true; + valign = "center"; + key_backward = "Ctrl+k"; + key_forward = "Ctrl+j"; + insensitive = true; + prompt = "Run"; + allow_images = true; + }; + style = builtins.readFile ./wofi.css; + }; + } + ) + ]; + + }; +} diff --git a/common/desktop_environment/hyprland/default.nix b/common/desktop_environment/hyprland/default.nix new file mode 100644 index 0000000..40d332a --- /dev/null +++ b/common/desktop_environment/hyprland/default.nix @@ -0,0 +1,151 @@ +{ + config, + lib, + pkgs, + hyprland, + hyprlandPkgs, + ... +}: +let + ccfg = import ../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "hyprland" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +with lib; +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "hyprland desktop environment"; + terminalCommand = mkOption { + type = lib.types.str; + default = "foot"; + description = "The terminal command to use."; + }; + extraOptions = mkOption { + type = lib.types.attrs; + default = { }; + description = "Extra options for Hyprland configuration."; + }; + swaync = { + enable = lib.mkEnableOption "Enable Swaync (notification center for Hyprland)"; + }; + waybar = { + enable = lib.mkEnableOption "Enable Waybar (status bar for Hyprland)"; + }; + }; + + config = lib.mkIf cfg.enable { + # Enable for all users + home-manager = { + sharedModules = [ + hyprland.homeManagerModules.default + ./home_manager + ]; + }; + + services.greetd = { + enable = true; + vt = 2; + settings = { + default_session = { + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --cmd '${pkgs.dbus}/bin/dbus-run-session ${hyprlandPkgs.hyprland}/bin/Hyprland'"; + user = "greeter"; + }; + }; + }; + + # Caps Lock as Escape for console/tty + console.useXkbConfig = true; + services.xserver.xkb = { + layout = "us"; + options = "caps:escape"; + }; + + environment.systemPackages = with pkgs; [ + wl-clipboard + wl-clip-persist + wofi # application launcher + nemo # file manager (x11) + # nautilus # file manager + feh # image viewer (x11) + # imv # image viewer + networkmanager # network management + upower # power management + brightnessctl # screen/keyboard brightness control + wireplumber # media session manager + libgtop # system monitor library + bluez # Bluetooth support + power-profiles-daemon # power profiles + grim + slurp + hyprpicker + grimblast # screenshot tool + wf-recorder # screen recording tool + btop # system monitor + ]; + + services.blueman.enable = config.hardware.bluetooth.enable; + + programs.hyprland = { + enable = true; + # xwayland.enable = false; + withUWSM = true; + + # set the flake package + package = hyprlandPkgs.hyprland; + # make sure to also set the portal package, so that they are in sync + # This is set below now in xdf portal directly so we can also add things like gtk + # portalPackage = hyprlandPkgs.xdg-desktop-portal-hyprland; + }; + + xdg.portal = { + enable = true; + extraPortals = lib.mkForce [ + hyprlandPkgs.xdg-desktop-portal-hyprland + hyprlandPkgs.xdg-desktop-portal-gtk + ]; + config.common.default = [ + "hyprland" + "gtk" + ]; + }; + + hardware.graphics = { + enable = true; + package = hyprlandPkgs.mesa; + # if you also want 32-bit support (e.g for Steam) + # enable32Bit = true; + package32 = hyprlandPkgs.pkgsi686Linux.mesa; + }; + + # Environment variables + environment.sessionVariables = { + GTK_THEME = "Adwaita:dark"; + XDG_SESSION_TYPE = "wayland"; + XDG_CURRENT_DESKTOP = "Hyprland"; + XDG_SESSION_DESKTOP = "Hyprland"; + WLR_RENDERER = "auto"; + + # Tell apps to run native wayland + NIXOS_OZONE_WL = "1"; + ELECTRON_OZONE_PLATFORM_HINT = "wayland"; + GDK_BACKEND = "wayland,x11"; # GTK + QT_QPA_PLATFORM = "wayland;xcb"; # Qt 5/6 + MOZ_ENABLE_WAYLAND = "1"; # Firefox + SDL_VIDEODRIVER = "wayland"; # SDL apps/games + CLUTTER_BACKEND = "wayland"; # You already have this + }; + + # Qt theming + qt = { + enable = true; + platformTheme = "gtk2"; + style = "adwaita-dark"; + }; + }; +} diff --git a/flakes/hyprland/home_manager/default.nix b/common/desktop_environment/hyprland/home_manager/default.nix similarity index 90% rename from flakes/hyprland/home_manager/default.nix rename to common/desktop_environment/hyprland/home_manager/default.nix index 57dac88..9533253 100644 --- a/flakes/hyprland/home_manager/default.nix +++ b/common/desktop_environment/hyprland/home_manager/default.nix @@ -3,7 +3,6 @@ imports = [ ./theme.nix ./hyprland.nix - ./hyprpaper.nix # ./quickshell.nix ./waybar.nix ./hyprpolkitagent.nix diff --git a/flakes/hyprland/home_manager/hyprland.nix b/common/desktop_environment/hyprland/home_manager/hyprland.nix similarity index 92% rename from flakes/hyprland/home_manager/hyprland.nix rename to common/desktop_environment/hyprland/home_manager/hyprland.nix index afd313e..dc17934 100644 --- a/flakes/hyprland/home_manager/hyprland.nix +++ b/common/desktop_environment/hyprland/home_manager/hyprland.nix @@ -4,6 +4,15 @@ hyprlandPkgs, ... }: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "hyprland" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in { wayland.windowManager.hyprland = { enable = true; @@ -12,12 +21,12 @@ # hyprspace # ]; - settings = { + settings = lib.attrsets.recursiveUpdate { # Debug logs enabled when this is uncommented debug.disable_logs = false; debug.disable_time = false; - # exec-once = [ "pgrep waybar>/dev/null || waybar" ]; + exec-once = [ "pgrep waybar>/dev/null || waybar" ]; # Default monitor configuration monitor = "monitor = , preferred, auto, 1"; @@ -80,13 +89,12 @@ bind = [ # Applications - "$mainMod, Return, exec, foot" + "$mainMod, Return, exec, ${cfg.terminalCommand}" "$mainMod, Space, exec, pkill wofi || wofi --show drun" "$mainMod, q, killactive" "$mainMod SHIFT, escape, exit" "$mainMod SHIFT, q, exec, swaylock" "$mainMod, f, togglefloating" - "$mainMod SHIFT, F, fullscreen" "$mainMod, g, pseudo" "$mainMod, t, togglesplit" @@ -162,6 +170,6 @@ "$mainMod, mouse:273, resizewindow" ]; - }; + } cfg.extraOptions; }; } diff --git a/flakes/hyprland/home_manager/hyprpolkitagent.nix b/common/desktop_environment/hyprland/home_manager/hyprpolkitagent.nix similarity index 100% rename from flakes/hyprland/home_manager/hyprpolkitagent.nix rename to common/desktop_environment/hyprland/home_manager/hyprpolkitagent.nix diff --git a/flakes/hyprland/home_manager/quickshell.nix b/common/desktop_environment/hyprland/home_manager/quickshell.nix similarity index 94% rename from flakes/hyprland/home_manager/quickshell.nix rename to common/desktop_environment/hyprland/home_manager/quickshell.nix index ac12426..2f5032c 100644 --- a/flakes/hyprland/home_manager/quickshell.nix +++ b/common/desktop_environment/hyprland/home_manager/quickshell.nix @@ -1,8 +1,19 @@ { + osConfig, + lib, pkgs, upkgs, ... }: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "hyprland" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in { home.packages = with pkgs; [ upkgs.quickshell diff --git a/flakes/hyprland/home_manager/scripts.nix b/common/desktop_environment/hyprland/home_manager/scripts.nix similarity index 100% rename from flakes/hyprland/home_manager/scripts.nix rename to common/desktop_environment/hyprland/home_manager/scripts.nix diff --git a/flakes/hyprland/home_manager/scripts/confirm-action.sh b/common/desktop_environment/hyprland/home_manager/scripts/confirm-action.sh similarity index 100% rename from flakes/hyprland/home_manager/scripts/confirm-action.sh rename to common/desktop_environment/hyprland/home_manager/scripts/confirm-action.sh diff --git a/flakes/hyprland/home_manager/scripts/toggle-airplane-mode.sh b/common/desktop_environment/hyprland/home_manager/scripts/toggle-airplane-mode.sh similarity index 100% rename from flakes/hyprland/home_manager/scripts/toggle-airplane-mode.sh rename to common/desktop_environment/hyprland/home_manager/scripts/toggle-airplane-mode.sh diff --git a/flakes/hyprland/home_manager/scripts/toggle-power-profile.sh b/common/desktop_environment/hyprland/home_manager/scripts/toggle-power-profile.sh similarity index 100% rename from flakes/hyprland/home_manager/scripts/toggle-power-profile.sh rename to common/desktop_environment/hyprland/home_manager/scripts/toggle-power-profile.sh diff --git a/flakes/hyprland/home_manager/scripts/wofi-bluetooth-menu.sh b/common/desktop_environment/hyprland/home_manager/scripts/wofi-bluetooth-menu.sh similarity index 100% rename from flakes/hyprland/home_manager/scripts/wofi-bluetooth-menu.sh rename to common/desktop_environment/hyprland/home_manager/scripts/wofi-bluetooth-menu.sh diff --git a/flakes/hyprland/home_manager/scripts/wofi-wifi-menu.sh b/common/desktop_environment/hyprland/home_manager/scripts/wofi-wifi-menu.sh similarity index 100% rename from flakes/hyprland/home_manager/scripts/wofi-wifi-menu.sh rename to common/desktop_environment/hyprland/home_manager/scripts/wofi-wifi-menu.sh diff --git a/flakes/hyprland/home_manager/swaylock.nix b/common/desktop_environment/hyprland/home_manager/swaylock.nix similarity index 100% rename from flakes/hyprland/home_manager/swaylock.nix rename to common/desktop_environment/hyprland/home_manager/swaylock.nix diff --git a/common/desktop_environment/hyprland/home_manager/swaync.nix b/common/desktop_environment/hyprland/home_manager/swaync.nix new file mode 100644 index 0000000..b26fa58 --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/swaync.nix @@ -0,0 +1,251 @@ +{ + lib, + osConfig, + ... +}: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "hyprland" + "swaync" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in +{ + config = lib.mkIf cfg.enable { + services.swaync = { + enable = true; + settings = { + ignore = [ + "com.spotify.Client" + ]; + + positionX = "right"; + positionY = "top"; + layer = "overlay"; + control-center-layer = "top"; + layer-shell = true; + cssPriority = "application"; + + control-center-margin-top = 0; + control-center-margin-bottom = 0; + control-center-margin-right = 0; + control-center-margin-left = 0; + + notification-2fa-action = true; + notification-inline-replies = false; + notification-icon-size = 64; + notification-body-image-height = 100; + notification-body-image-width = 200; + + timeout = 10; + timeout-low = 5; + timeout-critical = 0; + + control-center-width = 500; + control-center-height = 600; + notification-window-width = 500; + + keyboard-shortcuts = true; + image-visibility = "when-available"; + transition-time = 200; + hide-on-clear = false; + hide-on-action = true; + script-fail-notify = true; + + widgets = [ + "inhibitors" + "title" + "dnd" + "volume" + "backlight" + "mpris" + "buttons-grid#quick" + "notifications" + ]; + + # Widget configurations + widget-config = { + inhibitors = { + text = "Inhibitors"; + button-text = "Clear All"; + clear-all-button = true; + }; + title = { + text = "Notifications"; + clear-all-button = true; + button-text = "Clear All"; + }; + dnd.text = "Do Not Disturb"; + mpris = { + image-size = 96; + image-radius = 12; + }; + volume = { + label = "󰕾"; + show-per-app = true; + }; + backlight = { + label = "󰃟"; + device = "intel_backlight"; + }; + "buttons-grid#quick" = { + columns = 4; # adjust: 3/4/5 + icon-size = 20; # tweak to taste + actions = [ + # Power + { + label = "󰐥"; + tooltip = "Shutdown"; + command = "confirm-action 'systemctl poweroff' 'Shutdown?'"; + } + { + label = "󰜉"; + tooltip = "Reboot"; + command = "confirm-action 'systemctl reboot' 'Reboot?'"; + } + { + label = "󰍃"; + tooltip = "Logout"; + command = "confirm-action 'hyprctl dispatch exit' 'Logout?'"; + } + ]; + }; + }; + }; + + # Custom CSS for the control center + style = '' + .control-center { + background: #1a1b26; + border: 2px solid #7dcae4; + border-radius: 12px; + } + + .control-center-list { + background: transparent; + } + + .control-center .notification-row:focus, + .control-center .notification-row:hover { + opacity: 1; + background: #24283b; + } + + .notification { + border-radius: 8px; + margin: 6px 12px; + box-shadow: 0 0 0 1px rgba(125, 196, 228, 0.3), 0 1px 3px 1px rgba(0, 0, 0, 0.7), 0 2px 6px 2px rgba(0, 0, 0, 0.3); + padding: 0; + } + + /* Widget styling */ + .widget-title { + margin: 8px; + font-size: 1.5rem; + color: #c0caf5; + } + + .widget-dnd { + margin: 8px; + font-size: 1.1rem; + color: #c0caf5; + } + + .widget-dnd > switch { + font-size: initial; + border-radius: 8px; + background: #414868; + border: 1px solid #7dcae4; + } + + .widget-dnd > switch:checked { + background: #7dcae4; + } + + .widget-mpris { + color: #c0caf5; + background: #24283b; + padding: 8px; + margin: 8px; + border-radius: 8px; + } + + .widget-mpris-player { + padding: 8px; + margin: 8px; + } + + .widget-mpris-title { + font-weight: bold; + font-size: 1.25rem; + } + + .widget-mpris-subtitle { + font-size: 1.1rem; + color: #9ece6a; + } + + .widget-volume { + background: #24283b; + padding: 8px; + margin: 8px; + border-radius: 8px; + color: #c0caf5; + } + + .widget-backlight { + background: #24283b; + padding: 8px; + margin: 8px; + border-radius: 8px; + color: #c0caf5; + } + + .widget-menubar { + background: #24283b; + padding: 8px; + margin: 8px; + border-radius: 8px; + color: #c0caf5; + } + + .widget-menubar .menu-item button { + background: #1f2335; + color: #c0caf5; + border-radius: 8px; + padding: 6px 10px; + margin: 4px; + border: 1px solid #2e3440; + font-family: "JetBrainsMonoNL Nerd Font"; + } + + .widget-menubar .menu-item button:hover { + background: #414868; + border-color: #7dcae4; + } + + .topbar-buttons button { + border: none; + background: transparent; + color: #c0caf5; + font-size: 1.1rem; + border-radius: 8px; + margin: 0 4px; + padding: 8px; + } + + .topbar-buttons button:hover { + background: #414868; + } + + .topbar-buttons button:active { + background: #7dcae4; + color: #1a1b26; + } + ''; + }; + }; +} diff --git a/common/desktop_environment/hyprland/home_manager/template.nix b/common/desktop_environment/hyprland/home_manager/template.nix new file mode 100644 index 0000000..905d5e4 --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/template.nix @@ -0,0 +1,18 @@ +{ + osConfig, + lib, + pkgs, + ... +}: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "hyprland" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in +{ + +} diff --git a/flakes/hyprland/home_manager/theme.nix b/common/desktop_environment/hyprland/home_manager/theme.nix similarity index 100% rename from flakes/hyprland/home_manager/theme.nix rename to common/desktop_environment/hyprland/home_manager/theme.nix diff --git a/common/desktop_environment/hyprland/home_manager/waybar.nix b/common/desktop_environment/hyprland/home_manager/waybar.nix new file mode 100644 index 0000000..25c5986 --- /dev/null +++ b/common/desktop_environment/hyprland/home_manager/waybar.nix @@ -0,0 +1,267 @@ +{ + lib, + osConfig, + ... +}: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "hyprland" + "waybar" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in +{ + config = lib.mkIf cfg.enable { + programs.waybar = { + enable = true; + systemd.enable = true; + settings = { + mainBar = { + layer = "top"; + position = "top"; + height = 30; + spacing = 6; + margin-top = 0; + margin-bottom = 0; + margin-left = 10; + margin-right = 10; + + modules-left = [ + "hyprland/workspaces" + ]; + + modules-center = [ + "clock" + "temperature" + "cpu" + "memory" + "disk" + ]; + + modules-right = [ + "pulseaudio" + "network" + "bluetooth" + "custom/notifications" + "hyprland/language" + ]; + + # Workspaces configuration + "hyprland/workspaces" = { + format = "{icon}"; + format-icons = { + "1" = "一"; + "2" = "二"; + "3" = "三"; + "4" = "四"; + "5" = "五"; + "6" = "六"; + "7" = "七"; + "8" = "八"; + "9" = "九"; + "10" = "十"; + "11" = "十一"; + "12" = "十二"; + "13" = "十三"; + "14" = "十四"; + "15" = "十五"; + "16" = "十六"; + "17" = "十七"; + "18" = "十八"; + "19" = "十九"; + "20" = "二十"; + }; + show-special = false; + }; + + pulseaudio = { + format = "{icon} {volume}%"; + format-bluetooth = "󰂰 {volume}%"; + format-bluetooth-muted = "󰂲 "; + format-muted = "󰖁 "; + format-source = "󰍬 {volume}%"; + format-source-muted = "󰍭 "; + format-icons = { + headphone = "󰋋"; + hands-free = "󰂑"; + headset = "󰂑"; + phone = "󰏲"; + portable = "󰦧"; + car = "󰄋"; + default = [ + "󰕿" + "󰖀" + "󰕾" + ]; + }; + scroll-step = 5; + on-click = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; + on-click-right = "swaync-client -t -sw"; + }; + + "custom/notifications" = { + format = "{icon} {}"; + format-icons = { + notification = ""; + none = ""; + dnd-notification = "󰂛"; + dnd-none = "󰂛"; + inhibited-notification = ""; + inhibited-none = ""; + dnd-inhibited-notification = "󰂛"; + dnd-inhibited-none = "󰂛"; + }; + return-type = "json"; + exec-if = "which swaync-client"; + exec = "swaync-client -swb"; + on-click = "swaync-client -t -sw"; + on-click-right = "swaync-client -d -sw"; + escape = true; + tooltip = false; + }; + + # Clock + clock = { + format = "{:%b %d, %H:%M}"; + }; + + temperature = { + thermal-zone = 2; + hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input"; + critical-threshold = 80; + format-critical = "󰔏 {temperatureC}°C"; + format = "󰔏 {temperatureC}°C"; + }; + + cpu = { + format = "󰻠 {usage}%"; + tooltip = false; + on-click = "btop"; + }; + + memory = { + format = "󰍛 {}%"; + on-click = "btop"; + }; + + disk = { + interval = 30; + format = "󰋊 {percentage_used}%"; + path = "/"; + on-click = "btop"; + }; + + network = { + format-wifi = "󰤨 {essid} ({signalStrength}%)"; + format-ethernet = "󰈀 {ipaddr}/{cidr}"; + tooltip-format = "{ifname} via {gwaddr} "; + format-linked = "󰈀 {ifname} (No IP)"; + format-disconnected = "󰖪 Disconnected"; + on-click = "wofi-wifi-menu"; + on-click-right = "nmcli radio wifi toggle"; + }; + + bluetooth = { + format = "󰂯 {status}"; + format-connected = "󰂱 {device_alias}"; + format-connected-battery = "󰂱 {device_alias} {device_battery_percentage}%"; + tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected"; + tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}"; + tooltip-format-enumerate-connected = "{device_alias}\t{device_address}"; + tooltip-format-enumerate-connected-battery = "{device_alias}\t{device_address}\t{device_battery_percentage}%"; + on-click = "wofi-bluetooth-menu"; + on-click-right = "bluetoothctl power toggle"; + }; + + # Keyboard input (language) + "hyprland/language" = { + format = "{}"; + format-en = "EN"; + format-ja = "JP"; + }; + }; + }; + + style = '' + * { + font-family: "JetBrainsMonoNL Nerd Font"; + font-size: 12px; + border: none; + border-radius: 0; + min-height: 0; + } + + window#waybar { + background: transparent; + border-radius: 10px; + margin: 0px; + } + + .modules-left, + .modules-center, + .modules-right { + background: rgba(26, 27, 38, 0.8); + border-radius: 10px; + margin: 4px; + padding: 0 10px; + } + + #workspaces { + padding: 0 5px; + } + + #workspaces button { + padding: 0 8px; + background: transparent; + color: #c0caf5; + border-radius: 5px; + margin: 2px; + } + + #workspaces button:hover { + background: rgba(125, 196, 228, 0.2); + color: #7dcae4; + } + + #workspaces button.active { + background: #7dcae4; + color: #1a1b26; + } + + #pulseaudio, + #custom-notifications, + #clock, + #temperature, + #cpu, + #memory, + #disk, + #network, + #bluetooth, + #language { + padding: 0 8px; + color: #c0caf5; + margin: 2px; + } + + #temperature.critical { + color: #f7768e; + } + + #network.disconnected { + color: #f7768e; + } + + #bluetooth.disabled { + color: #565f89; + } + + #pulseaudio.muted { + color: #565f89; + } + ''; + }; + }; +} diff --git a/flakes/hyprland/home_manager/wofi.nix b/common/desktop_environment/hyprland/home_manager/wofi.nix similarity index 100% rename from flakes/hyprland/home_manager/wofi.nix rename to common/desktop_environment/hyprland/home_manager/wofi.nix diff --git a/common/desktop_environment/i3/default.nix b/common/desktop_environment/i3/default.nix new file mode 100644 index 0000000..0ff2e22 --- /dev/null +++ b/common/desktop_environment/i3/default.nix @@ -0,0 +1,97 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "i3" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +with lib; +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "i3 window manager"; + terminalCommand = mkOption { + type = lib.types.str; + default = "kitty"; + description = "The terminal command to use."; + }; + extraOptions = mkOption { + type = lib.types.attrs; + default = { }; + description = "Extra options for i3 home manager configuration."; + }; + }; + + config = lib.mkIf cfg.enable { + # Enable for all users + home-manager = { + sharedModules = [ + ./home_manager + ]; + }; + + services.greetd = { + enable = true; + vt = 2; + settings = { + default_session = { + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --cmd '${pkgs.dbus}/bin/dbus-run-session ${pkgs.xorg.xinit}/bin/xinit ${pkgs.i3}/bin/i3'}"; + user = "greeter"; + }; + }; + }; + + # Caps Lock as Escape for console/tty + console.useXkbConfig = true; + services.xserver.xkb = { + layout = "us"; + options = "caps:escape"; + }; + + # flatpaks need this TODO remove flatpaks? + xdg.portal = { + enable = true; + extraPortals = lib.mkForce [ + pkgs.xdg-desktop-portal-gtk + ]; + config.common.default = [ + "gtk" + ]; + }; + + services.xserver = { + enable = true; + + # desktopManager = { + # xterm.enable = false; + # }; + + windowManager.i3 = { + enable = true; + extraPackages = with pkgs; [ + # dmenu # application launcher most people use + # i3status # gives you the default i3 status bar + # i3blocks # if you are planning on using i3blocks over i3status + ]; + }; + }; + services.displayManager.defaultSession = "none+i3"; + # programs.i3lock.enable = true; # default i3 screen locker + + environment.systemPackages = with pkgs; [ + xorg.xinit + xorg.setxkbmap + xorg.xset + ]; + + }; +} diff --git a/common/desktop_environment/i3/home_manager/default.nix b/common/desktop_environment/i3/home_manager/default.nix new file mode 100644 index 0000000..ff15d2d --- /dev/null +++ b/common/desktop_environment/i3/home_manager/default.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + imports = [ + ./i3.nix + ]; +} diff --git a/common/desktop_environment/i3/home_manager/i3.nix b/common/desktop_environment/i3/home_manager/i3.nix new file mode 100644 index 0000000..b140a7f --- /dev/null +++ b/common/desktop_environment/i3/home_manager/i3.nix @@ -0,0 +1,47 @@ +{ + config, + osConfig, + lib, + ... +}: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "i3" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in +{ + xsession.windowManager.i3 = { + enable = true; + config = lib.attrsets.recursiveUpdate { + startup = [ + { command = "setxkbmap -layout us -option caps:escape"; } + ]; + modifier = "Mod4"; + terminal = cfg.terminalCommand; + keybindings = + let + mod = config.xsession.windowManager.i3.config.modifier; + in + { + # Focus + "${mod}+h" = "focus left"; + "${mod}+l" = "focus right"; + "${mod}+k" = "focus up"; + "${mod}+j" = "focus down"; + # Apps + "${mod}+Return" = "exec ${cfg.terminalCommand}"; + # "${mod}+space" = "exec ${cfg.menu}"; TODO + "${mod}+q" = "kill"; + "${mod}+Shift+Escape" = "exit"; + "${mod}+Shift+q" = "exec i3lock"; + "${mod}+f" = "floating toggle"; + + }; + # See home-manager documentation for everything you can add here. + } cfg.extraOptions; + }; +} diff --git a/common/desktop_environment/sway/default.nix b/common/desktop_environment/sway/default.nix new file mode 100644 index 0000000..44c664b --- /dev/null +++ b/common/desktop_environment/sway/default.nix @@ -0,0 +1,139 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "sway" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +with lib; +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "sway (Wayland i3) desktop environment"; + terminalCommand = mkOption { + type = lib.types.str; + default = "foot"; + description = "The terminal command to use."; + }; + extraOptions = mkOption { + type = lib.types.attrs; + default = { }; + description = "Extra options for Sway configuration."; + }; + swaync = { + enable = lib.mkEnableOption "Enable Sway Notification Center"; + }; + waybar = { + enable = lib.mkEnableOption "Enable Waybar (status bar for Sway)"; + }; + }; + + config = lib.mkIf cfg.enable { + # Enable for all users via Home Manager fragments in this module + home-manager = { + sharedModules = [ ./home_manager ]; + }; + + services.greetd = { + enable = true; + vt = 2; + settings = { + default_session = { + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --cmd '${pkgs.dbus}/bin/dbus-run-session ${pkgs.sway}/bin/sway'"; + user = "greeter"; + }; + }; + }; + + # Caps Lock as Escape for console/tty and Wayland + console.useXkbConfig = true; + services.xserver.xkb = { + layout = "us"; + options = "caps:escape"; + }; + + # Core packages and tools + environment.systemPackages = with pkgs; [ + wl-clipboard + wl-clip-persist + wofi # application launcher + nemo # file manager (x11) + feh # image viewer (x11) + networkmanager + upower + brightnessctl + wireplumber + libgtop + bluez + power-profiles-daemon + grim + slurp + wf-recorder + btop + pavucontrol + ]; + + services.blueman.enable = config.hardware.bluetooth.enable; + + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; # include GTK integration env + extraPackages = with pkgs; [ + xwayland # allow legacy X11 apps + ]; + }; + + xdg.portal = { + enable = true; + extraPortals = lib.mkForce [ + pkgs.xdg-desktop-portal-wlr + pkgs.xdg-desktop-portal-gtk + ]; + config.common.default = [ + "wlr" + "gtk" + ]; + }; + + hardware.graphics = { + enable = true; + # Keep defaults; Sway runs fine with mesa in system + }; + + # Environment variables + environment.sessionVariables = lib.mkMerge [ + { + GTK_THEME = "Adwaita:dark"; + XDG_SESSION_TYPE = "wayland"; + XDG_CURRENT_DESKTOP = "sway"; + XDG_SESSION_DESKTOP = "sway"; + WLR_RENDERER = "auto"; + + # Tell apps to run native wayland + NIXOS_OZONE_WL = "1"; + ELECTRON_OZONE_PLATFORM_HINT = "wayland"; + GDK_BACKEND = "wayland,x11"; # GTK + QT_QPA_PLATFORM = "wayland;xcb"; # Qt 5/6 + MOZ_ENABLE_WAYLAND = "1"; # Firefox + SDL_VIDEODRIVER = "wayland"; # SDL apps/games + CLUTTER_BACKEND = "wayland"; + } + ]; + + # Qt theming + qt = { + enable = true; + platformTheme = "gtk2"; + style = "adwaita-dark"; + }; + }; +} diff --git a/flakes/common/hm_modules/de_sway/default.nix b/common/desktop_environment/sway/home_manager/default.nix similarity index 100% rename from flakes/common/hm_modules/de_sway/default.nix rename to common/desktop_environment/sway/home_manager/default.nix diff --git a/flakes/common/hm_modules/de_sway/polkit.nix b/common/desktop_environment/sway/home_manager/polkit.nix similarity index 100% rename from flakes/common/hm_modules/de_sway/polkit.nix rename to common/desktop_environment/sway/home_manager/polkit.nix diff --git a/common/desktop_environment/sway/home_manager/sway.nix b/common/desktop_environment/sway/home_manager/sway.nix new file mode 100644 index 0000000..4ceea67 --- /dev/null +++ b/common/desktop_environment/sway/home_manager/sway.nix @@ -0,0 +1,185 @@ +{ + config, + osConfig, + lib, + ... +}: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "sway" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in +{ + wayland.windowManager.sway = { + enable = true; + xwayland = true; + + config = lib.mkMerge [ + rec { + modifier = "Mod4"; # SUPER + terminal = cfg.terminalCommand; + menu = "wofi --show drun"; + + # Per-output workspace mapping (user can extend via extraOptions) + # Example (left as defaults): users can add `output HDMI-A-1 workspace 1,3,5` in extraOptions + + input = { + "type:keyboard" = { + xkb_layout = "us"; + xkb_options = "caps:escape"; + }; + "type:touchpad" = { + natural_scroll = "enabled"; + tap = "enabled"; + dwt = "enabled"; + }; + # Disable focus follows mouse to avoid accidental focus changes + # In Sway this behavior is controlled by focus_follows_mouse + }; + + focus = { + followMouse = "no"; + # onWindowActivation = "urgent"; # don't steal focus; mark urgent instead + }; + + gaps = { + inner = 2; + outer = 5; + smartGaps = false; + smartBorders = "on"; + }; + + colors = { + focused = { + background = "#444444"; + border = "#555555"; + childBorder = "#444444"; + indicator = "#595959"; + text = "#f1f1f1"; + }; + unfocused = { + background = "#222222"; + border = "#333333"; + childBorder = "#222222"; + indicator = "#292d2e"; + text = "#888888"; + }; + }; + + window = { + border = 1; + titlebar = false; + commands = [ + # Bitwarden chrome popup as floating example from Hyprland rules + { + criteria = { + app_id = "chrome-nngceckbapebfimnlniiiahkandclblb-Default"; + }; + command = "floating enable"; + } + { + criteria = { + app_id = "pavucontrol"; + }; + command = "floating enable, move position center, resize set 620 1200"; + } + { + criteria = { + class = "Google-chrome"; + window_role = "pop-up"; + }; + command = "floating enable, move position center, resize set 720 480"; + } + { + criteria = { + window_role = "pop-up"; + }; + command = "floating enable, move position center, resize set 640 420"; + } + { + criteria = { + window_role = "About"; + }; + command = "floating enable, move position center, resize set 640 420"; + } + ]; + }; + + # Keybindings mirroring Hyprland + keybindings = { + # Apps + "${modifier}+return" = "exec ${cfg.terminalCommand}"; + "${modifier}+space" = "exec pkill wofi || wofi --show drun"; + "${modifier}+q" = "kill"; + "${modifier}+shift+Escape" = "exit"; + "${modifier}+shift+q" = "exec swaylock"; + "${modifier}+f" = "floating toggle"; + + # Focus + "${modifier}+h" = "focus left"; + "${modifier}+l" = "focus right"; + "${modifier}+k" = "focus up"; + "${modifier}+j" = "focus down"; + + # Workspaces (numbers and vim-like mirror) + "${modifier}+1" = "workspace number 1"; + "${modifier}+n" = "workspace number 1"; + "${modifier}+2" = "workspace number 2"; + "${modifier}+m" = "workspace number 2"; + "${modifier}+3" = "workspace number 3"; + "${modifier}+comma" = "workspace number 3"; + "${modifier}+4" = "workspace number 4"; + "${modifier}+period" = "workspace number 4"; + "${modifier}+5" = "workspace number 5"; + "${modifier}+slash" = "workspace number 5"; + "${modifier}+6" = "workspace number 6"; + "${modifier}+7" = "workspace number 7"; + "${modifier}+8" = "workspace number 8"; + "${modifier}+9" = "workspace number 9"; + "${modifier}+0" = "workspace number 10"; + + # Move windows + "${modifier}+shift+h" = "move left"; + "${modifier}+shift+l" = "move right"; + "${modifier}+shift+k" = "move up"; + "${modifier}+shift+j" = "move down"; + "${modifier}+shift+1" = "move container to workspace number 1"; + "${modifier}+shift+n" = "move container to workspace number 1"; + "${modifier}+shift+2" = "move container to workspace number 2"; + "${modifier}+shift+m" = "move container to workspace number 2"; + "${modifier}+shift+3" = "move container to workspace number 3"; + "${modifier}+shift+comma" = "move container to workspace number 3"; + "${modifier}+shift+4" = "move container to workspace number 4"; + "${modifier}+shift+period" = "move container to workspace number 4"; + "${modifier}+shift+5" = "move container to workspace number 5"; + "${modifier}+shift+slash" = "move container to workspace number 5"; + "${modifier}+shift+6" = "move container to workspace number 6"; + "${modifier}+shift+7" = "move container to workspace number 7"; + "${modifier}+shift+8" = "move container to workspace number 8"; + "${modifier}+shift+9" = "move container to workspace number 9"; + "${modifier}+shift+0" = "move container to workspace number 10"; + + # Mouse bindings (Mod + drag) + "${modifier}+button1" = "move"; + "${modifier}+button3" = "resize"; + + # Screenshot + "Print" = "exec grim -g \"$(slurp)\" - | wl-copy"; + }; + + bars = [ ]; # Use Waybar via Home Manager + startup = [ + { + command = "exec sh -c 'sleep 0.01; swaymsg workspace number 7 ; sleep 0.01; swaymsg workspace number 1'"; + } + { command = "pgrep waybar >/dev/null || waybar"; } + ]; + } + cfg.extraOptions + ]; + }; +} diff --git a/flakes/common/hm_modules/de_sway/swaylock.nix b/common/desktop_environment/sway/home_manager/swaylock.nix similarity index 100% rename from flakes/common/hm_modules/de_sway/swaylock.nix rename to common/desktop_environment/sway/home_manager/swaylock.nix diff --git a/common/desktop_environment/sway/home_manager/swaync.nix b/common/desktop_environment/sway/home_manager/swaync.nix new file mode 100644 index 0000000..7fb0c8c --- /dev/null +++ b/common/desktop_environment/sway/home_manager/swaync.nix @@ -0,0 +1,112 @@ +{ lib, osConfig, ... }: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "sway" + "swaync" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in +{ + config = lib.mkIf cfg.enable { + services.swaync = { + enable = true; + settings = { + ignore = [ "com.spotify.Client" ]; + positionX = "right"; + positionY = "top"; + layer = "overlay"; + control-center-layer = "top"; + layer-shell = true; + cssPriority = "application"; + control-center-margin-top = 0; + control-center-margin-bottom = 0; + control-center-margin-right = 0; + control-center-margin-left = 0; + notification-2fa-action = true; + notification-inline-replies = false; + notification-icon-size = 64; + notification-body-image-height = 100; + notification-body-image-width = 200; + timeout = 10; + timeout-low = 5; + timeout-critical = 0; + control-center-width = 500; + control-center-height = 600; + notification-window-width = 500; + keyboard-shortcuts = true; + image-visibility = "when-available"; + transition-time = 200; + hide-on-clear = false; + hide-on-action = true; + script-fail-notify = true; + widgets = [ + "inhibitors" + "title" + "dnd" + "volume" + "backlight" + "mpris" + "buttons-grid#quick" + "notifications" + ]; + widget-config = { + inhibitors = { + text = "Inhibitors"; + button-text = "Clear All"; + clear-all-button = true; + }; + title = { + text = "Notifications"; + clear-all-button = true; + button-text = "Clear All"; + }; + dnd.text = "Do Not Disturb"; + mpris = { + image-size = 96; + image-radius = 12; + }; + volume = { + label = "󰕾"; + show-per-app = true; + }; + backlight = { + label = "󰃟"; + device = "intel_backlight"; + }; + # "buttons-grid#quick" = { + # columns = 4; + # icon-size = 20; + # actions = [ + # { label = "󰐥"; tooltip = "Shutdown"; command = "confirm-action 'systemctl poweroff' 'Shutdown?'"; } + # { label = "󰜉"; tooltip = "Reboot"; command = "confirm-action 'systemctl reboot' 'Reboot?'"; } + # { label = "󰍃"; tooltip = "Logout"; command = "confirm-action 'swaymsg exit' 'Logout?'"; } + # ]; + # }; + }; + }; + style = '' + .control-center { background: #1a1b26; border: 2px solid #7dcae4; border-radius: 12px; } + .control-center-list { background: transparent; } + .control-center .notification-row:focus, .control-center .notification-row:hover { opacity: 1; background: #24283b; } + .notification { border-radius: 8px; margin: 6px 12px; box-shadow: 0 0 0 1px rgba(125,196,228,.3), 0 1px 3px 1px rgba(0,0,0,.7), 0 2px 6px 2px rgba(0,0,0,.3); padding: 0; } + .widget-title { margin: 8px; font-size: 1.5rem; color: #c0caf5; } + .widget-dnd { margin: 8px; font-size: 1.1rem; color: #c0caf5; } + .widget-dnd > switch { font-size: initial; border-radius: 8px; background: #414868; border: 1px solid #7dcae4; } + .widget-dnd > switch:checked { background: #7dcae4; } + .widget-mpris { color: #c0caf5; background: #24283b; padding: 8px; margin: 8px; border-radius: 8px; } + .widget-mpris-player { padding: 8px; margin: 8px; } + .widget-mpris-title { font-weight: bold; font-size: 1.25rem; } + .widget-mpris-subtitle { font-size: 1.1rem; color: #9ece6a; } + .widget-volume, .widget-backlight, .widget-menubar { background: #24283b; padding: 8px; margin: 8px; border-radius: 8px; color: #c0caf5; } + .widget-menubar .menu-item button { background: #1f2335; color: #c0caf5; border-radius: 8px; padding: 6px 10px; margin: 4px; border: 1px solid #2e3440; font-family: "JetBrainsMonoNL Nerd Font"; } + .widget-menubar .menu-item button:hover { background: #414868; border-color: #7dcae4; } + .topbar-buttons button { border: none; background: transparent; color: #c0caf5; font-size: 1.1rem; border-radius: 8px; margin: 0 4px; padding: 8px; } + .topbar-buttons button:hover { background: #414868; } + .topbar-buttons button:active { background: #7dcae4; color: #1a1b26; } + ''; + }; + }; +} diff --git a/flakes/common/hm_modules/de_sway/theme.nix b/common/desktop_environment/sway/home_manager/theme.nix similarity index 100% rename from flakes/common/hm_modules/de_sway/theme.nix rename to common/desktop_environment/sway/home_manager/theme.nix diff --git a/common/desktop_environment/sway/home_manager/waybar.nix b/common/desktop_environment/sway/home_manager/waybar.nix new file mode 100644 index 0000000..addb94c --- /dev/null +++ b/common/desktop_environment/sway/home_manager/waybar.nix @@ -0,0 +1,260 @@ +{ lib, osConfig, ... }: +let + ccfg = import ../../../config.nix; + cfg_path = [ + ccfg.custom_config_key + "desktopEnvironment" + "sway" + "waybar" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path osConfig; +in +{ + config = lib.mkIf cfg.enable { + + programs.waybar = { + enable = true; + systemd.enable = true; + settings = { + mainBar = { + layer = "top"; + position = "top"; + height = 28; + spacing = 6; + margin-top = 0; + margin-bottom = 0; + margin-left = 10; + margin-right = 10; + + modules-left = [ + "sway/workspaces" + ]; + modules-center = [ + "clock" + "temperature" + "cpu" + "memory" + "disk" + ]; + modules-right = [ + "battery" + "battery#bat2" + "pulseaudio" + "network" + "bluetooth" + "power-profiles-daemon" + "backlight" + "custom/notifications" + "sway/language" + "tray" + "custom/power" + ]; + + # LEFT + "sway/workspaces" = { + format = "{icon}"; + format-icons = { + "1" = "一"; + "2" = "二"; + "3" = "三"; + "4" = "四"; + "5" = "五"; + "6" = "六"; + "7" = "七"; + "8" = "八"; + "9" = "九"; + "10" = "十"; + "11" = "十一"; + "12" = "十二"; + "13" = "十三"; + "14" = "十四"; + "15" = "十五"; + "16" = "十六"; + "17" = "十七"; + "18" = "十八"; + "19" = "十九"; + "20" = "二十"; + }; + disable-scroll = false; + }; + + # CENTER + clock = { + format = "{:%b %d, %H:%M}"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + + temperature = { + thermal-zone = 2; + hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input"; + critical-threshold = 80; + format-critical = "󰔏 {temperatureC}°C"; + format = "󰔏 {temperatureC}°C"; + }; + + cpu = { + format = "󰻠 {usage}%"; + tooltip = true; + on-click = "btop"; + }; + + memory = { + format = "󰍛 {}%"; + on-click = "btop"; + }; + + disk = { + interval = 30; + format = "󰋊 {percentage_used}%"; + path = "/"; + on-click = "btop"; + }; + + # RIGHT + "battery" = { + "states" = { + # "good"= 95; + "warning" = 30; + "critical" = 15; + }; + "format" = "{capacity}% {icon}"; + "format-full" = "{capacity}% {icon}"; + "format-charging" = "{capacity}% "; + "format-plugged" = "{capacity}% "; + "format-alt" = "{time} {icon}"; + # "format-good"= ""; // An empty format will hide the module + # "format-full"= ""; + "format-icons" = [ + "" + "" + "" + "" + "" + ]; + }; + "battery#bat2" = { + "bat" = "BAT2"; + }; + + pulseaudio = { + format = "{icon} {volume}%"; + format-bluetooth = "󰂰 {volume}%"; + format-bluetooth-muted = "󰂲 "; + format-muted = "󰖁 "; + format-source = "󰍬 {volume}%"; + format-source-muted = "󰍭 "; + format-icons = { + headphone = "󰋋"; + hands-free = "󰂑"; + headset = "󰂑"; + phone = "󰏲"; + portable = "󰦧"; + car = "󰄋"; + default = [ + "󰕿" + "󰖀" + "󰕾" + ]; + }; + scroll-step = 5; + on-click = "pavucontrol"; + on-click-right = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; + }; + + network = { + format-wifi = "󰤨 {essid} ({signalStrength}%)"; + format-ethernet = "󰈀 {ipaddr}/{cidr}"; + tooltip-format = "{ifname} via {gwaddr} "; + format-linked = "󰈀 {ifname} (No IP)"; + format-disconnected = "󰖪 Disconnected"; + # on-click = "wofi-wifi-menu"; + # on-click-right = "nmcli radio wifi toggle"; + }; + + bluetooth = { + format = "󰂯 {status}"; + format-connected = "󰂱 {device_alias}"; + format-connected-battery = "󰂱 {device_alias} {device_battery_percentage}%"; + tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected"; + tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}"; + tooltip-format-enumerate-connected = "{device_alias}\t{device_address}"; + tooltip-format-enumerate-connected-battery = "{device_alias}\t{device_address}\t{device_battery_percentage}%"; + # on-click = "wofi-bluetooth-menu"; + # on-click-right = "bluetoothctl power toggle"; + }; + + "power-profiles-daemon" = { + format = "{icon}"; + "tooltip-format" = "Power profile: {profile}\nDriver: {driver}"; + tooltip = true; + "format-icons" = { + default = ""; + performance = ""; + balanced = ""; + "power-saver" = ""; + }; + }; + + backlight = { + format = "{percent}% {icon}"; + "format-icons" = [ + "" + "" + "" + "" + "" + "" + "" + "" + "" + ]; + }; + + "custom/notifications" = { + format = "{icon} {}"; + format-icons = { + notification = ""; + none = ""; + dnd-notification = "󰂛"; + dnd-none = "󰂛"; + inhibited-notification = ""; + inhibited-none = ""; + dnd-inhibited-notification = "󰂛"; + dnd-inhibited-none = "󰂛"; + }; + return-type = "json"; + exec-if = "which swaync-client"; + exec = "swaync-client -swb"; + on-click = "swaync-client -t -sw"; + on-click-right = "swaync-client -d -sw"; + escape = true; + tooltip = false; + }; + + "sway/language" = { + format = "{}"; + }; + + "tray" = { + "spacing" = 10; + }; + + "custom/power" = { + format = "⏻ "; + tooltip = false; + menu = "on-click"; + "menu-file" = ./waybar/power_menu.xml; + "menu-actions" = { + shutdown = "shutdown 0"; + reboot = "reboot"; + logout = "loginctl terminate-session $(loginctl list-sessions | grep seat0 | awk '{print $1}')"; + }; + }; + + }; + }; + + style = builtins.readFile ./waybar/waybar.css; + }; + }; +} diff --git a/flakes/common/hm_modules/de_sway/waybar/power_menu.xml b/common/desktop_environment/sway/home_manager/waybar/power_menu.xml similarity index 100% rename from flakes/common/hm_modules/de_sway/waybar/power_menu.xml rename to common/desktop_environment/sway/home_manager/waybar/power_menu.xml diff --git a/flakes/common/hm_modules/de_sway/waybar/waybar.css b/common/desktop_environment/sway/home_manager/waybar/waybar.css similarity index 100% rename from flakes/common/hm_modules/de_sway/waybar/waybar.css rename to common/desktop_environment/sway/home_manager/waybar/waybar.css diff --git a/flakes/common/hm_modules/de_sway/wofi.nix b/common/desktop_environment/sway/home_manager/wofi.nix similarity index 100% rename from flakes/common/hm_modules/de_sway/wofi.nix rename to common/desktop_environment/sway/home_manager/wofi.nix diff --git a/flakes/secrets/flake.lock b/common/flake.lock similarity index 77% rename from flakes/secrets/flake.lock rename to common/flake.lock index 190b4a5..78e7a15 100644 --- a/flakes/secrets/flake.lock +++ b/common/flake.lock @@ -3,7 +3,7 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nixpkgs": [ "ragenix", "nixpkgs" @@ -81,6 +81,25 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1758313341, + "narHash": "sha256-SsI6INUzWwPcRKRaxvi50RttnD9rcC4EjV+67TOEfrQ=", + "owner": "rycee", + "repo": "home-manager", + "rev": "6f656618ebc71ca82d93d306a8aecb2c5f6f2ab2", + "type": "github" + }, + "original": { + "owner": "rycee", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "ragenix", @@ -102,7 +121,39 @@ "type": "github" } }, + "nix-flatpak": { + "locked": { + "lastModified": 1739444422, + "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", + "owner": "gmodena", + "repo": "nix-flatpak", + "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", + "type": "github" + }, + "original": { + "owner": "gmodena", + "ref": "latest", + "repo": "nix-flatpak", + "type": "github" + } + }, "nixpkgs": { + "locked": { + "lastModified": 1753345091, + "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1741379970, "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", @@ -123,7 +174,7 @@ "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "rust-overlay": "rust-overlay" }, "locked": { @@ -142,6 +193,8 @@ }, "root": { "inputs": { + "home-manager": "home-manager", + "nix-flatpak": "nix-flatpak", "ragenix": "ragenix" } }, diff --git a/common/flake.nix b/common/flake.nix new file mode 100644 index 0000000..3070bb6 --- /dev/null +++ b/common/flake.nix @@ -0,0 +1,89 @@ +{ + inputs = { + # NOTE if you add/change any inputs here also add them in the TOP level repo's flake.nix + home-manager.url = "github:rycee/home-manager/release-25.05"; + ragenix.url = "github:yaxitech/ragenix"; + nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest"; + + # disabled for now + # hyprland.url = "github:hyprwm/Hyprland"; + }; + + outputs = + { + home-manager, + ragenix, + nix-flatpak, + # hyprland, + ... + }: + { + nixosModules = { + default = + { + config, + lib, + pkgs, + ... + }: + { + imports = [ + home-manager.nixosModules.default + ragenix.nixosModules.age + nix-flatpak.nixosModules.nix-flatpak + # hyprland.nixosModules.default + ./_home_manager + ./options.nix + ./general + ./boot + ./desktop_environment + ./users + ./programs + ./secrets + ]; + config = { + nixpkgs.overlays = [ + # (final: prev: { + # wayland-protocols = + # nixpkgs-unstable.legacyPackages.${prev.stdenv.hostPlatform.system}.wayland-protocols; + # }) + ]; + _module.args = { + inherit ragenix; + # inherit hyprland; + # hyprlandPkgs = import hyprland.inputs.nixpkgs { + # system = pkgs.stdenv.hostPlatform.system; + # config = config.nixpkgs.config or { }; + # }; + }; + }; + }; + containers = { + forgejo = import ./_containers/forgejo.nix; + }; + }; + homeManagerModules = { + # hyprland = hyprland.homeManagerModules.default; + + zsh = import ./_home_manager/mods/zsh.nix; + tmux = import ./_home_manager/mods/tmux/tmux.nix; + atuin = import ./_home_manager/mods/atuin.nix; + zoxide = import ./_home_manager/mods/zoxide.nix; + starship = import ./_home_manager/mods/starship.nix; + direnv = import ./_home_manager/mods/direnv.nix; + ssh = import ./_home_manager/mods/ssh.nix; + git = import ./_home_manager/mods/git.nix; + nix_deprecations = import ./_home_manager/mods/nix_deprecations.nix; + + alacritty = import ./_home_manager/mods/alacritty.nix; + foot = import ./_home_manager/mods/foot.nix; + kitty = import ./_home_manager/mods/kitty.nix; + launcher_rofi = import ./_home_manager/mods/launcher_rofi.nix; + + obs = import ./_home_manager/mods/obs.nix; + postgres = import ./_home_manager/mods/postgres.nix; + slicer = import ./_home_manager/mods/slicer.nix; + + }; + }; +} diff --git a/common/general/default.nix b/common/general/default.nix new file mode 100644 index 0000000..49e8900 --- /dev/null +++ b/common/general/default.nix @@ -0,0 +1,211 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "general" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; + top_cfg = config.${ccfg.custom_config_key}; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + flakeOptions = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable nix flake options"; + }; + unfree = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable unfree packages"; + }; + readWindowsDrives = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Read windows drives"; + }; + disableRemoteBuildsOnLio = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Disable remote builds on lio"; + }; + timezone = lib.mkOption { + type = lib.types.str; + default = "America/Chicago"; + description = "Timezone"; + }; + defaultLocal = lib.mkOption { + type = lib.types.str; + default = "en_US.UTF-8"; + description = "Default locale"; + }; + fastShutdown = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Fast shutdown"; + }; + enableSleep = lib.mkEnableOption (lib.mdDoc "Enable auto sleeping"); + hideBootLogs = lib.mkEnableOption (lib.mdDoc "Hide boot logs on startup"); + }; + imports = [ + ./shell/common.nix + ./fonts.nix + ./tty_caps_esc.nix + ./reporting.nix + ]; + config = { + # name this computer + networking = { + hostName = top_cfg.systemName; + nftables.enable = true; + nftables.flushRuleset = true; + firewall.enable = true; + }; + + # Enable flakes + nix.settings.experimental-features = lib.mkIf cfg.flakeOptions [ + "nix-command" + "flakes" + ]; + + # Allow unfree + nixpkgs.config.allowUnfree = cfg.unfree; + nixpkgs.config.allowUnfreePredicate = (pkg: cfg.unfree); + environment.variables = lib.mkIf cfg.unfree { + NIXPKGS_ALLOW_UNFREE = "1"; + }; + + # allow mounting ntfs filesystems + boot.supportedFilesystems = lib.mkIf cfg.readWindowsDrives [ "ntfs" ]; + + # make shutdown faster for waiting + systemd.extraConfig = lib.mkIf cfg.fastShutdown '' + DefaultTimeoutStopSec=8s + ''; + + nix.settings = { + max-jobs = "auto"; + # Fallback quickly if substituters are not available. + connect-timeout = 5; + download-attempts = 3; + download-buffer-size = 524288000; # default is 67108864, this increases to ~500MB + # The default at 10 is rarely enough. + log-lines = 50; + # Avoid disk full issues + max-free = (3000 * 1024 * 1024); + min-free = (1000 * 1024 * 1024); + # Avoid copying unnecessary stuff over SSH + builders-use-substitutes = true; + auto-optimise-store = true; + trusted-users = [ + "root" + "@wheel" + ]; + substituters = [ + "https://cache.nixos.org/" + "https://hyprland.cachix.org" + "https://cosmic.cachix.org/" + "https://nix-community.cachix.org" + ]; + trusted-substituters = config.nix.settings.substituters; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + }; + nix.extraOptions = '' + keep-outputs = true + keep-derivations = true + ${lib.optionalString ( + # TODO revisit this should it move? + config ? age && config.age ? secrets && config.age.secrets ? github_read_token + ) "!include ${config.age.secrets.github_read_token.path}"} + ''; + + # Enable zsh + programs.zsh.enable = true; + environment.pathsToLink = [ "/share/zsh" ]; + + # nix helper + programs.nh = { + enable = true; + # clean.enable = true; # TODO revist does this solve my re-building issues? + clean.extraArgs = "--keep 10"; + # `flake` path is set in users/default.nix for the primary user if set + }; + + # Remote build off home lio computer + programs.ssh.extraConfig = lib.mkIf (!cfg.disableRemoteBuildsOnLio) '' + Host lio_ + PubkeyAcceptedKeyTypes ssh-ed25519 + ServerAliveInterval 60 + IPQoS throughput + ${lib.optionalString ( + config ? age && config.age ? secrets && config.age.secrets ? nix2lio + ) "IdentityFile ${config.age.secrets.nix2lio.path}"} + ''; + nix = { + distributedBuilds = lib.mkIf (!cfg.disableRemoteBuildsOnLio) true; + buildMachines = lib.mkIf (!cfg.disableRemoteBuildsOnLio) [ + { + hostName = "lio"; + system = "x86_64-linux"; + protocol = "ssh-ng"; + maxJobs = 32; + speedFactor = 2; + supportedFeatures = [ + "nixos-test" + "benchmark" + "big-parallel" + "kvm" + "uid-range" # Often helpful + ]; + mandatoryFeatures = [ ]; + } + ]; + }; + + # TODO can I make this Roaming automatically somehow? + time.timeZone = cfg.timezone; + # Select internationalization properties. + i18n.defaultLocale = cfg.defaultLocal; + i18n.extraLocaleSettings = { + LC_ADDRESS = cfg.defaultLocal; + LC_IDENTIFICATION = cfg.defaultLocal; + LC_MEASUREMENT = cfg.defaultLocal; + LC_MONETARY = cfg.defaultLocal; + LC_NAME = cfg.defaultLocal; + LC_NUMERIC = cfg.defaultLocal; + LC_PAPER = cfg.defaultLocal; + LC_TELEPHONE = cfg.defaultLocal; + LC_TIME = cfg.defaultLocal; + }; + + # Turn off sleep + systemd.sleep.extraConfig = lib.mkIf (!cfg.enableSleep) '' + [Sleep] + AllowSuspend=no + AllowHibernation=no + AllowSuspendThenHibernate=no + AllowHybridSleep=no + ''; + + # Hide boot logs + boot.initrd.verbose = cfg.hideBootLogs; + boot.consoleLogLevel = lib.mkIf cfg.hideBootLogs 3; + boot.kernelParams = lib.mkIf cfg.hideBootLogs [ + "quiet" + "loglevel=3" + "systemd.show_status=false" + ]; + }; +} diff --git a/common/general/fonts.nix b/common/general/fonts.nix new file mode 100644 index 0000000..ebc1014 --- /dev/null +++ b/common/general/fonts.nix @@ -0,0 +1,59 @@ +{ + pkgs, + lib, + config, + ... +}: +let + hasNewJetbrainsMono = + if builtins.hasAttr "nerd-fonts" pkgs then + builtins.hasAttr "jetbrains-mono" pkgs."nerd-fonts" + else + false; + + jetbrainsMonoFont = + if hasNewJetbrainsMono then + pkgs.nerd-fonts.jetbrains-mono + else + (pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; }); + + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "general" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + jetbrainsMonoFont = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable jetbrains mono font"; + }; + japaneseFonts = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable japanese fonts"; + }; + }; + + config = { + fonts.packages = + lib.optionals cfg.jetbrainsMonoFont [ + jetbrainsMonoFont + ] + ++ lib.optionals cfg.japaneseFonts ( + with pkgs; + [ + ipafont + kochi-substitute + noto-fonts-cjk-sans # Or another CJK font + ] + ); + + fonts.fontconfig.enable = true; + }; +} diff --git a/common/general/reporting.nix b/common/general/reporting.nix new file mode 100644 index 0000000..f769402 --- /dev/null +++ b/common/general/reporting.nix @@ -0,0 +1,80 @@ +{ + lib, + config, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "general" + "reporting" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "Reporting node info and logs to grafana"; + lokiUrl = lib.mkOption { + type = lib.types.str; + default = "http://h001.net.joshuabell.xyz:3100/loki/api/v1/push"; + description = "URL of the Loki instance to send logs to"; + }; + }; + + config = lib.mkIf cfg.enable { + services.prometheus.exporters.node = { + enable = true; + port = 9100; + }; + + # Create necessary directories with appropriate permissions + systemd.tmpfiles.rules = [ + "d /tmp/positions 1777 - - -" # World-writable directory for positions file + "f /tmp/positions.yaml 0666 - - -" # World-writable positions file + ]; + users.groups.systemd-journal.members = [ "promtail" ]; + services.promtail = { + enable = true; + extraFlags = [ + "-config.expand-env=true" + ]; + configuration = { + server = { + http_listen_port = 9080; + grpc_listen_port = 0; + }; + positions = { + filename = "/tmp/positions.yaml"; # Changed from /var/lib/promtail/positions.yaml + }; + clients = [ + { + url = cfg.lokiUrl; + } + ]; + scrape_configs = [ + { + job_name = "journal"; + journal = { + json = false; + max_age = "12h"; + path = "/var/log/journal"; + labels = { + job = "systemd-journal"; + host = config.networking.hostName; + }; + }; + relabel_configs = [ + { + source_labels = [ "__journal__systemd_unit" ]; + target_label = "unit"; + } + ]; + } + ]; + }; + }; + }; +} diff --git a/flakes/common/nix_modules/git/branch.func.sh b/common/general/shell/branch.func.sh similarity index 80% rename from flakes/common/nix_modules/git/branch.func.sh rename to common/general/shell/branch.func.sh index 3d6e26c..03908fc 100644 --- a/flakes/common/nix_modules/git/branch.func.sh +++ b/common/general/shell/branch.func.sh @@ -175,61 +175,10 @@ branch() { echo "Creating new worktree for branch '$branch_name' at '$wt_path'." # Try to add or update worktree from the resolved ref. Use a fallback path if needed. - - _branch__post_setup() { - local repo_dir="$1" wt_path="$2" - # Sentinel in worktree-specific git dir to avoid re-running - local git_dir sentinel - git_dir=$(git -C "$wt_path" rev-parse --git-dir 2>/dev/null || true) - sentinel="$git_dir/post-setup.done" - if [ -f "$sentinel" ]; then - return 0 - fi - _branch__auto_link "$repo_dir" "$wt_path" || true - _branch__bootstrap "$repo_dir" "$wt_path" || true - : > "$sentinel" 2>/dev/null || true - } - - _branch__auto_link() { - local repo_dir="$1" wt_path="$2" - local has_cfg - has_cfg=$(git -C "$repo_dir" config --get-all worktree.autolink 2>/dev/null | wc -l) - if [ "${BRANCH_AUTOLINK:-0}" -eq 1 ] || [ "$has_cfg" -gt 0 ]; then - if command -v link_ignored >/dev/null 2>&1; then - ( cd "$wt_path" && link_ignored --auto --no-fzf ) || true - fi - fi - } - - _branch__bootstrap() { - local repo_dir="$1" wt_path="$2" - local mode cmd - mode=$(git -C "$repo_dir" config --get worktree.bootstrap 2>/dev/null || true) - if [ -n "${BRANCH_BOOTSTRAP_CMD:-}" ]; then - cmd="$BRANCH_BOOTSTRAP_CMD" - elif [ -n "$mode" ]; then - cmd="$mode" - else - case "${BRANCH_BOOTSTRAP:-skip}" in - auto) - if [ -f "$wt_path/pnpm-lock.yaml" ]; then cmd="pnpm i --frozen-lockfile" - elif [ -f "$wt_path/yarn.lock" ]; then cmd="yarn install --frozen-lockfile || yarn install --immutable" - elif [ -f "$wt_path/package-lock.json" ]; then cmd="npm ci" - else cmd=""; fi - ;; - skip|0|false) cmd="" ;; - 1|true) cmd="npm ci" ;; - esac - fi - [ -z "$cmd" ] && return 0 - ( cd "$wt_path" && eval "$cmd" ) || true - } - if [ "$local_exists" -eq 1 ]; then if git -C "$repo_dir" worktree add "$wt_path" "$branch_name" 2>/dev/null; then cd "$wt_path" || return 1 _branch__maybe_set_tmux_name "$branch_name" "$prev_branch" || true - _branch__post_setup "$repo_dir" "$wt_path" || true return 0 fi @@ -237,7 +186,6 @@ branch() { if git -C "$repo_dir" worktree add -b "$branch_name" "$wt_path" "$branch_from" 2>/dev/null; then cd "$wt_path" || return 1 _branch__maybe_set_tmux_name "$branch_name" "$prev_branch" || true - _branch__post_setup "$repo_dir" "$wt_path" || true return 0 fi fi @@ -249,7 +197,6 @@ branch() { if git -C "$repo_dir" worktree add "$wt_path" "$branch_name" 2>/dev/null; then cd "$wt_path" || return 1 _branch__maybe_set_tmux_name "$branch_name" "$prev_branch" || true - _branch__post_setup "$repo_dir" "$wt_path" || true return 0 else git -C "$repo_dir" branch -D "$branch_name" 2>/dev/null || true diff --git a/flakes/common/nix_modules/git/branchd.func.sh b/common/general/shell/branchd.func.sh similarity index 100% rename from flakes/common/nix_modules/git/branchd.func.sh rename to common/general/shell/branchd.func.sh diff --git a/common/general/shell/common.nix b/common/general/shell/common.nix new file mode 100644 index 0000000..c7bd3df --- /dev/null +++ b/common/general/shell/common.nix @@ -0,0 +1,73 @@ +{ + lib, + pkgs, + ... +}: +with lib; +{ + config = { + environment.systemPackages = with pkgs; [ + # Basics + vim + nano + wget + curl + jq + fastfetch + bat + htop + unzip + git + fzf + ripgrep + lsof + killall + hdparm + speedtest-cli + lf + ]; + + environment.shellAliases = { + n = "nvim"; + nn = "nvim --headless '+SessionDelete' +qa > /dev/null 2>&1 && nvim"; + bat = "bat --theme Coldark-Dark"; + cat = "bat --pager=never -p"; + # TODO this may not be needed now that I am using `nh` clean mode (see /hosts/_common/configuration.nix#programs.nh) + nix-boot-clean = "find '/boot/loader/entries' -type f ! -name 'windows.conf' | head -n -4 | xargs -I {} rm {}; nix store gc; nixos-rebuild boot; echo; df"; + ndr = "nix-direnv-reload"; + + # general unix + date_compact = "date +'%Y%m%d'"; + date_short = "date +'%Y-%m-%d'"; + ls = "ls --color -Gah"; + ll = "ls --color -Galh"; + lss = "du --max-depth=0 -h {.,}* 2>/dev/null | sort -hr"; + psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep"; + cl = "clear"; + + # git + status = "git status"; + diff = "git diff"; + branches = "git branch -a"; + gcam = "git commit -a -m"; + gcm = "git commit -m"; + stashes = "git stash list"; + bd = "branch default"; + li = "link_ignored"; + bx = "branchdel"; + b = "branch"; + + # ripgrep + rg = "rg --no-ignore"; + rgf = "rg --files --glob '!/nix/store/**' 2>/dev/null | rg"; + }; + + environment.shellInit = lib.concatStringsSep "\n\n" [ + (builtins.readFile ./common.sh) + (builtins.readFile ./tmux_helpers.sh) + (builtins.readFile ./branch.func.sh) + (builtins.readFile ./branchd.func.sh) + (builtins.readFile ./link_ignored.func.sh) + ]; + }; +} diff --git a/flakes/common/nix_modules/git/utils.func.sh b/common/general/shell/common.sh similarity index 60% rename from flakes/common/nix_modules/git/utils.func.sh rename to common/general/shell/common.sh index 1ebdae3..3c23918 100644 --- a/flakes/common/nix_modules/git/utils.func.sh +++ b/common/general/shell/common.sh @@ -1,3 +1,70 @@ +# Check if ~/.config/environment exists and source all files within it +if [ -d "$HOME/.config/environment" ]; then + for file in "$HOME/.config/environment/"*; do + if [ -r "$file" ]; then + if ! . "$file"; then + echo "Failed to source $file" + fi + fi + done +fi + +# Basics +htop_psg () { + htop -p $(psg $1 | awk '{r=r s $2;s=","} END{print r}') +} + +htop_pid () { + htop -p $(ps -ef | awk -v proc=$1 '$3 == proc { cnt++;if (cnt == 1) { printf "%s",$2 } else { printf ",%s",$2 } }') +} + +psg_kill() { + ps aux | grep -v "grep" | grep "${1}" | awk '{print $2}' | while read -r pid; do + if [ -n "${pid}" ]; then + echo "killing ${pid}" + kill -9 "${pid}" &> /dev/null + fi + done +} + +psg_terminate() { + ps aux | grep -v "grep" | grep "${1}" | awk '{print $2}' | while read -r pid; do + if [ -n "${pid}" ]; then + echo "Terminating ${pid}" + kill -15 "${pid}" &> /dev/null + fi + done +} + +psg_skill() { + ps aux | grep -v "grep" | grep "${1}" | awk '{print $2}' | while read -r pid; do + if [ -n "${pid}" ]; then + echo "Killing ${pid}" + sudo kill -9 "${pid}" &> /dev/null + fi + done +} + +mail_clear() { + : > /var/mail/$USER +} + +speedtest_fs () { + dir=$(pwd) + drive=$(df -h ${dir} | awk 'NR==2 {print $1}') + echo Testing read speeds on drive ${drive} + sudo hdparm -Tt ${drive} + test_file=$(date +%u%m%d) + test_file="${dir}/speedtest_fs_${test_file}" + echo + echo Testing write speeds into test file: ${test_file} + dd if=/dev/zero of=${test_file} bs=8k count=10k; rm -f ${test_file} +} + +speedtest_internet () { + speedtest-cli +} + # git getdefault () { git remote show origin | grep "HEAD branch" | sed 's/.*: //' @@ -78,7 +145,7 @@ stash() { read -e -p "Stash label [default: $default_label]: " label fi label=${label:-$default_label} - git stash push -u -k -m "$label" + git stash push -m "$label" } pop() { @@ -105,6 +172,20 @@ delstash() { git stash drop "$stash_ref" } +# nix +alias nixpkgs=nixpkg +nixpkg () { + if [ $# -eq 0 ]; then + echo "Error: No arguments provided. Please specify at least one package." + return 1 + fi + cmd="nix shell" + for pkg in "$@"; do + cmd="$cmd \"nixpkgs#$pkg\"" + done + eval $cmd +} + # Marks some files as in "git" but they won't actually get pushed up to the git repo # Usefull for `gintent .envrc flake.lock flake.nix` to add nix items required by flakes in a git repo that won't want flakes added gintent() { @@ -131,3 +212,9 @@ gintent_undo() { done } alias gintentnix_undo="gintent_undo .envrc flake.lock flake.nix" + + +# Aider +aider () { + http_proxy="" all_proxy="" https_proxy="" AZURE_API_BASE=http://100.64.0.8 AZURE_API_VERSION=2025-01-01-preview AZURE_API_KEY=1 nix run "nixpkgs#aider-chat-full" -- aider --dark-mode --no-gitignore --no-check-update --no-auto-commits --model azure/gpt-4.1-2025-04-14 $@ +} diff --git a/flakes/common/nix_modules/git/link_ignored.func.sh b/common/general/shell/link_ignored.func.sh similarity index 71% rename from flakes/common/nix_modules/git/link_ignored.func.sh rename to common/general/shell/link_ignored.func.sh index 63d8aa0..0043ed9 100644 --- a/flakes/common/nix_modules/git/link_ignored.func.sh +++ b/common/general/shell/link_ignored.func.sh @@ -1,14 +1,12 @@ link_ignored() { local DRY_RUN=0 local USE_FZF=1 - local AUTO=0 local -a PATTERNS=() while [ $# -gt 0 ]; do case "$1" in --dry-run) DRY_RUN=1; shift ;; --no-fzf) USE_FZF=0; shift ;; - --auto) AUTO=1; shift ;; -h|--help) link_ignored_usage; return 0 ;; --) shift; break ;; *) PATTERNS+=("$1"); shift ;; @@ -17,16 +15,11 @@ link_ignored() { link_ignored_usage() { cat </dev/null || true) - - if [ ${#cfg[@]} -gt 0 ]; then - PATTERNS=("${cfg[@]}") - return 0 - fi - - if [ -n "${LINK_IGNORED_DEFAULTS:-}" ]; then - if [ -n "${ZSH_VERSION:-}" ]; then - eval "PATTERNS=(${=LINK_IGNORED_DEFAULTS})" - else - read -r -a PATTERNS <<< "$LINK_IGNORED_DEFAULTS" - fi - return 0 - fi - return 1 - } - - # Try to load defaults if none provided - if [ ${#PATTERNS[@]} -eq 0 ]; then - _li_load_defaults || true - fi - - # If AUTO requested and we have patterns, skip fzf - if [ $AUTO -eq 1 ] && [ ${#PATTERNS[@]} -gt 0 ]; then - USE_FZF=0 - fi - local -a candidates=() while IFS= read -r -d '' file; do candidates+=("$file") @@ -99,18 +60,6 @@ EOF [ "$found" -eq 0 ] && tops+=("$top") done - # Hard-coded top-level excludes to avoid noisy build outputs - local -a EXCLUDES=(build dist) - if [ ${#tops[@]} -gt 0 ]; then - local -a tops_filtered=() - for t in "${tops[@]}"; do - local skip=0 - for e in "${EXCLUDES[@]}"; do [ "$t" = "$e" ] && skip=1 && break; done - [ $skip -eq 0 ] && tops_filtered+=("$t") - done - tops=("${tops_filtered[@]}") - fi - if [ ${#tops[@]} -eq 0 ]; then echo "No top-level ignored/untracked entries found in $repo_root" return 0 @@ -138,7 +87,7 @@ EOF local -a chosen if command -v fzf >/dev/null 2>&1 && [ "$USE_FZF" -eq 1 ]; then local selected - selected=$(printf "%s\n" "${filtered[@]}" | fzf --multi --height=40% --border --prompt="Select items to link: " --preview "if [ -f '$repo_root'/{} ]; then bat --color always --paging=never --style=plain '$repo_root'/{}; else ls -la '$repo_root'/{}; fi") + selected=$(printf "%s\n" "${filtered[@]}" | fzf --multi --height=40% --border --prompt="Select files to link: " --preview "if [ -f '$repo_root'/{} ]; then bat --color always --paging=never --style=plain '$repo_root'/{}; else ls -la '$repo_root'/{}; fi") if [ -z "$selected" ]; then echo "No files selected." && return 0 fi diff --git a/flakes/common/nix_modules/tmux/tmux_helpers.sh b/common/general/shell/tmux_helpers.sh similarity index 100% rename from flakes/common/nix_modules/tmux/tmux_helpers.sh rename to common/general/shell/tmux_helpers.sh diff --git a/common/general/tty_caps_esc.nix b/common/general/tty_caps_esc.nix new file mode 100644 index 0000000..7223bfe --- /dev/null +++ b/common/general/tty_caps_esc.nix @@ -0,0 +1,33 @@ +{ + lib, + pkgs, + config, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "general" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + ttyCapsEscape = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable caps for escape key"; + }; + }; + config = lib.mkIf cfg.ttyCapsEscape { + services.xserver.xkb.options = "caps:escape"; + console = { + earlySetup = true; + packages = with pkgs; [ terminus_font ]; + useXkbConfig = true; # use xkb.options in tty. (caps -> escape) + }; + }; +} diff --git a/common/options.nix b/common/options.nix new file mode 100644 index 0000000..7bcb038 --- /dev/null +++ b/common/options.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ./config.nix; + cfg_path = "${ccfg.custom_config_key}"; + cfg = config.${cfg_path}; +in +{ + options.${cfg_path} = { + systemName = lib.mkOption { + type = lib.types.str; + description = "The name of the system."; + }; + }; +} diff --git a/common/programs/default.nix b/common/programs/default.nix new file mode 100644 index 0000000..c56a1ab --- /dev/null +++ b/common/programs/default.nix @@ -0,0 +1,43 @@ +{ config, lib, ... }: +let + ccfg = import ../config.nix; + cfg = config.${ccfg.custom_config_key}.programs; +in +{ + imports = [ + ./qFlipper.nix + ./rustDev.nix + ./uhkAgent.nix + ./tailnet.nix + ./ssh.nix + ./docker.nix + ./podman.nix + ./incus.nix + ./flatpaks.nix + ./virt-manager.nix + ]; + config = { + assertions = [ + ( + let + enabledVirtualizers = lib.filter (x: x.enabled) [ + { + name = "docker"; + enabled = cfg.docker.enable; + } + { + name = "podman"; + enabled = cfg.podman.enable; + } + ]; + in + { + assertion = lib.length enabledVirtualizers <= 1; + message = + "Only one virtualizer can be enabled at a time. Enabled: " + + lib.concatStringsSep ", " (map (x: x.name) enabledVirtualizers); + } + ) + ]; + }; +} diff --git a/common/programs/docker.nix b/common/programs/docker.nix new file mode 100644 index 0000000..c3aea93 --- /dev/null +++ b/common/programs/docker.nix @@ -0,0 +1,36 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "docker" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; + users_cfg = config.${ccfg.custom_config_key}.users; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "docker"; + }; + + config = lib.mkIf cfg.enable { + virtualisation.docker = { + enable = true; + autoPrune.enable = true; + }; + # TODO add admins? + users.extraGroups.docker.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ]; + environment.shellAliases = { + dockerv = "docker volume"; + dockeri = "docker image"; + dockerc = "docker container"; + }; + }; +} diff --git a/common/programs/flatpaks.nix b/common/programs/flatpaks.nix new file mode 100644 index 0000000..307fff2 --- /dev/null +++ b/common/programs/flatpaks.nix @@ -0,0 +1,66 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "flatpaks" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "flatpaks"; + packages = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "List of Flatpak package names to install."; + }; + }; + + config = lib.mkIf cfg.enable { + services.flatpak = { + enable = true; + packages = cfg.packages; + overrides = { + global = { + Context.sockets = [ + "wayland" + "x11" + ]; + Context.devices = [ "dri" ]; # allow GPU access if desired + Environment = { + XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons"; + GTK_THEME = "Adwaita:dark"; + # Force wayland as much as possible. + ELECTRON_OZONE_PLATFORM_HINT = "auto"; # or 'auto' + GTK_USE_PORTAL = "1"; + OZONE_PLATFORM = "wayland"; + QT_QPA_PLATFORM = "xcb"; # force XCB for Flatpaks (XWayland) + }; + }; + "org.signal.Signal" = { + Environment = { + SIGNAL_PASSWORD_STORE = "gnome-libsecret"; + }; + Context = { + sockets = [ + "xfg-settings" + ]; + }; + }; + "com.google.Chrome" = { + Environment = { + CHROME_EXTRA_ARGS = "--enable-features=WaylandWindowDecorations --ozone-platform-hint=auto"; + }; + }; + }; + }; + }; +} diff --git a/common/programs/incus.nix b/common/programs/incus.nix new file mode 100644 index 0000000..01f0980 --- /dev/null +++ b/common/programs/incus.nix @@ -0,0 +1,33 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "incus" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; + users_cfg = config.${ccfg.custom_config_key}.users; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "incus"; + }; + + config = lib.mkIf cfg.enable { + virtualisation.incus = { + enable = true; + agent.enable = true; + ui.enable = true; + }; + + users.extraGroups.incus_admin.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ]; + users.extraGroups.incus.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ]; + }; +} diff --git a/common/programs/podman.nix b/common/programs/podman.nix new file mode 100644 index 0000000..8be88f9 --- /dev/null +++ b/common/programs/podman.nix @@ -0,0 +1,32 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "podman" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; + users_cfg = config.${ccfg.custom_config_key}.users; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "podman"; + }; + + config = lib.mkIf cfg.enable { + virtualisation.podman = { + enable = true; + dockerSocket.enable = true; + autoPrune.enable = true; + }; + # TODO add admins? + users.extraGroups.podman.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ]; + }; +} diff --git a/common/programs/qFlipper.nix b/common/programs/qFlipper.nix new file mode 100644 index 0000000..823ef99 --- /dev/null +++ b/common/programs/qFlipper.nix @@ -0,0 +1,33 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "qFlipper" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "qFlipper"; + }; + + config = lib.mkIf cfg.enable { + hardware.flipperzero.enable = true; + environment.systemPackages = with pkgs; [ qFlipper ]; + services.udev.extraRules = '' + #Flipper Zero serial port + SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", GROUP="users", TAG+="uaccess" + #Flipper Zero DFU + SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", GROUP="users", TAG+="uaccess" + ''; + }; +} diff --git a/common/programs/rustDev.nix b/common/programs/rustDev.nix new file mode 100644 index 0000000..dd226fb --- /dev/null +++ b/common/programs/rustDev.nix @@ -0,0 +1,53 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "rustDev" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "rust development tools"; + repl = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable the evcxr repl for `rust` command."; + }; + # TODO? + # channel = lib.mkOption { + # type = lib.types.str; + # default = "stable"; + # description = "The Rust release channel to use (e.g., stable, beta, nightly)."; + # }; + # version = lib.mkOption { + # type = lib.types.str; + # default = "latest"; + # description = "The specific version of Rust to use. Use 'latest' for the latest stable release."; + # }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = + with pkgs; + [ + rustup + gcc + ] + ++ (if cfg.repl then [ pkgs.evcxr ] else [ ]); + + environment.shellAliases = lib.mkIf cfg.repl { + rust = "evcxr"; + }; + }; + +} diff --git a/common/programs/ssh.nix b/common/programs/ssh.nix new file mode 100644 index 0000000..6b0cea7 --- /dev/null +++ b/common/programs/ssh.nix @@ -0,0 +1,97 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "ssh" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; + users_cfg = config.${ccfg.custom_config_key}.users; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "ssh"; + sshPortOpen = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Open the ssh port."; + }; + fail2Ban = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable fail2ban."; + }; + allowPasswordLogin = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Allow root password login."; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + openssh + autossh + ]; + + # Use fail2ban + services.fail2ban = lib.mkIf cfg.fail2Ban { + enable = true; + # Ignore my tailnet + ignoreIP = [ + "100.64.0.0/10" + ]; + }; + + # Open ports in the firewall if enabled. + networking.firewall.allowedTCPPorts = lib.mkIf cfg.sshPortOpen [ + 22 # sshd + ]; + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + settings = { + LogLevel = "VERBOSE"; + PermitRootLogin = "yes"; + PasswordAuthentication = cfg.allowPasswordLogin; + }; + }; + + # Ensure SSH key pair generation for non-root users + systemd.services = lib.mapAttrs' (name: _: { + name = "generate_ssh_key_${name}"; + value = { + description = "Generate SSH key pair for ${name}"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = name; + Type = "oneshot"; + }; + script = '' + #!/run/current-system/sw/bin/bash + if [ ! -f /home/${name}/.ssh/id_ed25519 ]; then + if [ -v DRY_RUN ]; then + echo "DRY_RUN is set. Would generate SSH key for ${name}."; + else + echo "Generating SSH key for ${name}."; + mkdir -p /home/${name}/.ssh; + chmod 700 /home/${name}/.ssh; + /run/current-system/sw/bin/ssh-keygen -t ed25519 -f /home/${name}/.ssh/id_ed25519 -N ""; + fi + else + echo "SSH key already exists for ${name}."; + fi + ''; + }; + }) users_cfg.users; + }; +} diff --git a/common/programs/tailnet.nix b/common/programs/tailnet.nix new file mode 100644 index 0000000..bcbe53f --- /dev/null +++ b/common/programs/tailnet.nix @@ -0,0 +1,53 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "tailnet" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "enable tailnet"; + useHeadscale = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to use headscale login server."; + }; + enableExitNode = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to enable exit node."; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ tailscale ]; + services.tailscale = { + enable = true; + openFirewall = true; + useRoutingFeatures = if cfg.enableExitNode then "both" else "client"; + authKeyFile = lib.mkIf ( + config ? age && config.age ? secrets && config.age.secrets ? headscale_auth + ) config.age.secrets.headscale_auth.path; + extraUpFlags = + (lib.optionals cfg.useHeadscale [ + "--login-server=https://headscale.joshuabell.xyz" + ]) + ++ (lib.optionals cfg.enableExitNode [ "--advertise-exit-node" ]); + + }; + networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]; + networking.firewall.checkReversePath = "loose"; + }; + +} diff --git a/common/programs/uhkAgent.nix b/common/programs/uhkAgent.nix new file mode 100644 index 0000000..90a9c3a --- /dev/null +++ b/common/programs/uhkAgent.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + pkgs, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "uhkAgent" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "uhk agent (ultimate hacking keyboard)"; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + uhk-agent + uhk-udev-rules + ]; + services.udev.packages = [ pkgs.uhk-udev-rules ]; + }; + +} diff --git a/common/programs/virt-manager.nix b/common/programs/virt-manager.nix new file mode 100644 index 0000000..fb837b1 --- /dev/null +++ b/common/programs/virt-manager.nix @@ -0,0 +1,42 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "programs" + "virt-manager" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; + users_cfg = config.${ccfg.custom_config_key}.users; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "Enable virt manager/quemu"; + users = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = builtins.attrNames users_cfg; + description = "Users to configure for virt-manager."; + }; + }; + + config = lib.mkIf cfg.enable { + services.qemuGuest.enable = true; + services.spice-vdagentd.enable = true; + programs.virt-manager = { + enable = true; + }; + + virtualisation = { + libvirtd.enable = true; + spiceUSBRedirection.enable = true; + }; + + users.groups.libvirtd.members = cfg.users; + }; +} diff --git a/common/secrets/default.nix b/common/secrets/default.nix new file mode 100644 index 0000000..7944a47 --- /dev/null +++ b/common/secrets/default.nix @@ -0,0 +1,77 @@ +{ + config, + ragenix, + lib, + pkgs, + ... +}@args: + +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "secrets" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; + users_cfg = config.${ccfg.custom_config_key}.users; + + secretsRaw = import ./secrets/secrets.nix; + systemName = lib.attrsets.getAttrFromPath [ + ccfg.custom_config_key + "systemName" + ] config; + authorityMarker = "authority"; + + # Key matches this host if its trailing comment contains "@" + matchesThisSystem = key: lib.strings.hasInfix "@${systemName}" key; + # Key is the authority key if its comment contains the marker string + matchesAuthority = key: lib.strings.hasInfix authorityMarker key; + + keepSecret = + attrs: + let + keys = attrs.publicKeys or [ ]; + in + lib.any (k: matchesThisSystem k) keys; + + # Any secrets that should be world-readable even after auto-import + worldReadable = [ + "zitadel_master_key" + "openwebui_env" + "vaultwarden_env" + ]; + + # Keep only secrets intended for this host (or that include the authority key) + filteredSecrets = lib.attrsets.filterAttrs (_name: attrs: keepSecret attrs) secretsRaw; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + enable = lib.mkEnableOption "secrets"; + }; + config = lib.mkIf cfg.enable { + environment.systemPackages = [ + ragenix.packages.${pkgs.system}.default + pkgs.rage + ]; + + age = { + secrets = lib.attrsets.mapAttrs' ( + name: _attrs: + let + base = lib.removeSuffix ".age" name; + in + lib.nameValuePair base ( + { + file = ./. + "/secrets/${name}"; + owner = users_cfg.primary; + } + // lib.optionalAttrs (lib.elem base worldReadable) { + mode = "444"; + } + ) + ) filteredSecrets; + }; + }; +} diff --git a/common/secrets/secrets/github_read_token.age b/common/secrets/secrets/github_read_token.age new file mode 100644 index 0000000..3ddcbd6 --- /dev/null +++ b/common/secrets/secrets/github_read_token.age @@ -0,0 +1,42 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBJRmpU +K2tCT1RTNzBhQlNzSHlIZDB4UFNCRDhiY1puVHQxN0QzSDNIbWhFCkdPVTFLYUcv +MW1FMnUyVG9xVE5KaVJQWlhFYmtaeGl2RGYyWWhtbEtTTFEKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIDBNalFocUZXRkZxMU10L1pWN1I5eUlGWXlrMVNLazR5RExycnZJ +K3BsaDQKVlZCUjRNL1hvMXFjRkd1VGVZNUp3ZnZBdW1qMEFpY3ZhYWFacmlZZEFa +SQotPiBzc2gtZWQyNTUxOSBTcENqQlEgSWRpT3BZZ0pHOWZjWkszZVg3OEZaZld5 +d2hOdXpYZ2tXVThMb0FTK2ZEQQpKY2xXT1dDeEp1LzlDcnoreVNvSHdCL2dDVFVs +bUUwQlU4Y3pXV0F1S3RNCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBrMFJOd0xrcGp4 +TkpxTW1DZWUxc1BQVTc3S05scHEzQ2hVT1I3bWhQVnlZCkVZQ0dZMm82VG81Yzda +MUpmWjZRUUx3NVBwVTlUZmtaS2JJem5ETkR6eVUKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIGhoSVhmVVNlc0toR1pBemk5WGp4R0NYdFF0dWFjVlpVcWRQT0hIUlNhazAK +czdFNlIydWFYSnBuTXNBQXE3eTZtUTBpUUJrdFFZMUZldFh4TXpVWEswSQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgYXp5MElHS04vVlV2b1RoU3RRUTRCeFlHWjRLajFt +L01Pdi83YnRjNndWTQpFVDk2djEyVFVaUHQyTGliZDRFM0Y0Vi96STFJR0Nqa1hn +a2VYVFhzelNnCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBET2dPUk5rYm9wVHczaE0w +L2hpa0F3emZqNDBxR2c1OUVVNnBNeVc1SzBRCmhIWmFKTnl2TFFBRUpyejhEMFBj +cVR6RkZHS3lpZzd6MzgrQml5QXpWdjAKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIFVk +cE1YSS9rdzBsTk0xNGtlRjJSV2llNVhYOUsvdVVFam1wUU82czNTUlkKQTdLcFdk +akErdWRrUXZET1hjL2J4UFJzdkNFVTlEUWJFWTFaczQ1VmxDNAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgQVNMandOOVFiN2xuQTd2MC9UUmt2MVg2YUlzcHBHaEJBWG1E +Y0srMU9UYwpGQnh6L09qY2JvL0tqcGNnWldkWUVzRHk1QVJvN1N0YlRVNCtlMlV6 +MUNVCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBJR0RzZWpCNHNHcXBhQVErVUwxcG9t +K0M5RSt0M2R6SFpwYzB5MXZFQVM4Cll2NmJrQkMwNkFGbWM2bHJ2THhNbG9XS0dk +cmEzWUFCdXBLS1dyNWh0aU0KLT4gc3NoLWVkMjU1MTkgWmUxTXdRIElaN2h2aHRO +bDRtNUlrMlNmOWVSYlpvR2VVeWRxL25vMnFjVUVmc215ejAKVlBmcTFtN3BUZXJx +eUg0eXY2S3V0ZklGNzFnK09yRUJacnZYUllkUzF0bwotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgU1J3VG1lVDlCNmNVZ2hZbXI4ZDhZdE9jYnNkNHpQclpqQmdGcFhuYTBI +RQpkMnhjZlYrWjBPZVk0UGt5UEZmQzZoOUxSVG8zMVl6MlZCT1JneWJuWVdnCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSA5RldGVWx4aU9ZVUNQdlJTRUVqbS9CajlnTEdR +NFlCZnEwSy9rRGNIM1RRCkxKN2FUQTBVbVA5SnVZSDlGcXFKL0M1NGhONFhLamF3 +Z0VNZ1VSSEFKSlkKLT4gc3NoLWVkMjU1MTkga0hrMmdBIElkSFNJWnZ3WFA3V1J0 +aFNqN0RTQUEvNkRkeHI5QkR3K0RuQ2NnZTFQU1UKb0dKd3gyYWdPd0NyUEZDWUhB +eUdaZzIzWEtkNGdUZzZScWpOUzN6K2dCTQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +eGNINUY0UElXbUQvUklPY2c1S1A4OXh0UWRsTjFGUTg3dW9BM0dyTVgwNApyN3pV +eHhUSnAxZ1ZpdmUva0lScWJxNGFWZDRMdm8zd09kay9ORXdOVkljCi0+IDMtZ3Jl +YXNlCldFN1JnNGM4Vmh1dE5wZUNGOC9NdktlSEFnCi0tLSByVzE2ZHZSdXRxQTZN +SjRTNlRtUHlRL2JPS1Yxd1lnalFFUGlWR1lKTjZvCgfzY9S+Cm6zaEAcrAr3fsev +9enyx9OmVTIIZltr52uqCYbWcsuCkDjHtwR3NXiSQB2HWhNe38l4l2K1+HGcoS7i +2TMD7o9Jx6QoWLHgmrn/zXL/VKyOj5a7P530AMzdqcgJ4U8641VN0W7L9u1Cw5EB +Ujzb1rKthf+txuP04aWYit69ZBdH7r+VkOGghXngwvBapwFF8AGUug== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/headscale_auth.age b/common/secrets/secrets/headscale_auth.age new file mode 100644 index 0000000..867be94 --- /dev/null +++ b/common/secrets/secrets/headscale_auth.age @@ -0,0 +1,40 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBvbGZC +ZFZWZ2ZPWUlNdEZCSXBuYThubHpiNkFzb3Jldlh1QlF0UTZ0NHlZCjlHSTVrekQw +MDBsaU56Yk9IQVZaQWJDMVNoUWFlQmpJV2gyTXBXNEhNdDQKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIDU0eDdqTStiUUlCUUcrYWhDWVRSQmxPNEIySk9NallHaVdNVFg5 +YXNPa1kKQ25PNGxjc1hid25Nd2R5RCttbHN1ci84T1pmQ0ZkNDM0R3FLbGdHRnRm +OAotPiBzc2gtZWQyNTUxOSBTcENqQlEgNjR5WkE4eUQrUGk1NHFMY3BjclZKWkd2 +TVd1QVNoVm96QkcwcHZmdG16dwpRQjY2V3dOOGo3VlJ5aTNLS0NqUVJ3VHNTWC8x +V05kbm5yQ3F0MWNFM2ZJCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBFeDIrUWEyYjVw +QUdjSlBWQ0Y2N01uL3hxTWJiNkdCVkM3UTBZbDhBZWhNCnRraHhUb2NEMzJWbWl5 +SjJEenN0VjJCWlM3TXEyREN0ZysxSG9Rak9hMVUKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIGxYRDJta0x6QnNkTXJnQmZwWFlRL0wrNS9EUS9TVDJMRFhZWDBUKzRWaWcK +VXlwL01IYTdTTTY4Zk1FOHBMc3E4ck1DZHp6aHhEaXFBWFN3SGErcjhmUQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgVUozU1kvVVJsZ0F2Nnk4bmZnUUNyTU8rM1FCRjFY +bWVBZWNNUFZIcFQyTQpzK0Z1SXVFQWhFSnp0UGs0RHJIQlZrUUtlY0ZFTjdwSTZS +MXhjSTNpOHNnCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBvQkd5UlNUakhGY0dkRFly +SU4vM3A1Sm5xNnhIZm5PUjR5WFNLZ1ZmL21NCk00M3k0RnNjL2dkRVd6MmdGSW1G +aGt1dmwxN0VTQm1zeklDN2MzRmFqSUUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIFBQ +TGdvVjdEaEJDQ1FxbjhTOVdZTVdjLzJhc3lwdy83UHNyOWJPNk5ZRjQKMTdNemRQ +L1h6Tk1EVTdZcnFPRVdEZjhnU21hLzcrWk0zS05YSTV3ZGJQNAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgTFcyc05mMnNVdWFDQWZUMGN6OWNZeGkrWlMyakV5RVhHaFJw +bmxiZ0lrYwozcit3dU84L0lVU0JXbVN3YnJoK0NPOUZKS3EvSkNPQ3FCWWhYZnhx +azhFCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBNWWJtTlVQTUo1SFh4b1Q4Vk8vUHdG +V0xLWjRXdVZxVVl0L2JMeTBrdWxJCmJvNGJ5Q0JUR0g4Q0pISmxTVll0OHl2dTFJ +dlNtR1A2aGVTUEZRMU5Hc1kKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIFkxendRYm0y +aEc5dTAwQy9pLzBrbUpVVlpFbnlDdlI4bGh0Zy9oMmtVWHcKNDZuaTBDV1o5MXFV +NlBLVzlqc0ZzOUdMT3c2SmRYV3hVd044bzZoenFqVQotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgQ3VDSnNLMHc4N0dCQ0NOY0lscStpeHlKdXA2UGpqRVhjNDVzV0NCQUx3 +VQpkeU9FOE13bFlaQ0ErWlBFZ0VWWTVZZElQdEg5UFo1SVRSeEhqRnk2NEtFCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBaREtQS2ZsSmxSQml0bkZzd0prUXdvdkhBZzhY +VkNRZWZqdVNvODIxMDNNCkJVMWZUc0o5Q0g0Yi95czFaVkhwejh0QW5HcXZ1Tmdl +bWFKSUhITkxFYlUKLT4gc3NoLWVkMjU1MTkga0hrMmdBIGlNcjZMWEdjdHNpNWNl +ZzlrNklvVklXM0tDMGVnRWhuL3BYV3dMa1U2ajQKd2owZXUxSGlIVUI3cFRxbjA3 +eWFhZXVudlBpQnRMTEVwZXhSSFgyOEsvSQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +OXR4MFc0eDZQQ1IwclIxYm9kYk1DSkZBZ1RDMm4wYlEyb1VrRTBaNmpWNApwY1pu +RE9VTU9Mbm9Ea0twcnBNRUc5ZjdzYXRyRmw0MlVHZDZmTVVLZFBrCi0+IHwqflMt +Z3JlYXNlCgotLS0gNWpFR3lvdmVsN1V2WG01aHN2VjVUeDZORzRpRDZGK0RWTFRM +SytLcVZYZwrYTHZo/oozQZasJAFNVb3ZrSAjREvZzRRyz6Mj71Pj2H+dbFz9sZ+c ++B4DEN/4xfhm5FUsU2w8VCQ/E+186igURD2AyhUZxNFFVPUPJKUM9rY= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2bitbucket.age b/common/secrets/secrets/nix2bitbucket.age new file mode 100644 index 0000000..0dd3a93 --- /dev/null +++ b/common/secrets/secrets/nix2bitbucket.age @@ -0,0 +1,50 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USAxNHJi +QjBYYnZsZTl1OXRwUDRXSGx4MmJOdzhHZXY2NUlaQ0hocFdlV240Ckw4U0FNSGFt +SmF1aW5mM0lseFZDUDR1ZkgyRFdkbHYrUHdITWUxanBrWHcKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIC9vS1U5ajZ1MS9sdFZZbWs0cmlvc1VQRVNLZUxiQkRrS0xtWWx3 +LzMxQm8KdmU2V0pqZnNMajc4SVk5Skhnd0VQTmViMERIMWtqMEcrUGpHTXkzMGk0 +QQotPiBzc2gtZWQyNTUxOSBTcENqQlEgS0FzbGFCY2xtQjdlQ3p4UjJjUVdNRGsv +ekwvcWhEK2o1OFkzYW1zMy94ZwpSQTlwRVlKb2x3SlR2QkEwSFlhRi81bGRObWhw +OU9pdVBJcWRyZm8xQWpnCi0+IHNzaC1lZDI1NTE5IEJZS0crdyA5ZGMrR0xRcXJz +STlKbGhEYkdOYlYzZHBmZkJHUTVYSndEZk1ab09Pb25vCmJWVDZCYmVTSW5nRTVX +YzFHTnRMeGt5WE1Ydk0vZ3l3K0NhckwzbU5kN2MKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIHlJZG02U1JaZkVxVnhSc2VVZ21sdmJlMUh6eWhhK05lSkhES2J0L3JEUUUK +K3FacHVNbEIvWk5QQTV5RHpOU0tpYitJek96YjF1a2o3dTJmTnZya3lpSQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgUmcyWU94VEI0Vm1vUnpBWW9ieTYvQjFBM0hyY0ZU +QWZoaUFmSTRlTEFIZwpINEFkeFJnVVNINWlBaS9UK0V5aExoMnY0TDVjSFdITEJi +dzFpdm9wRGJBCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSB0MVR0bE9tMEw2bzc0SHpY +N0JFWXFDbFJ3M3Rab2VtQUlLeUNUU2l1aTBNClNPTGpSTnFGeXpBcStjdnlmWllx +K20wdUVVVlZnb1FJbEdlQXVTWWpudDgKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIDF0 +ZFlkaTNOMVNsV29rREJpaUdXSnFuQTlyd3pyM2I2bUtPL0ErUm9wR3MKenNsdEhl +TDVjSmdQSXR4S1ZWR285RTF1T0hhNEg2TFZCUXAraFkzdXo3awotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgVVNrblluWm1Dck1yelpURWZoeVFjaUJFaXdkZldOcCtFVzJQ +ajZUTmVsUQoyUmI4Tmttc21HemZDTmdERFhxZXlpdG1RVStiems5cVNaQWNIM3dv +RlI0Ci0+IHNzaC1lZDI1NTE5IDVhZHFNZyAvS3AwTW1kaUtlQnpjaXByQU1uRVM5 +RDgzMVhBSFRWSVdwczhxVXdUWDBFCnBDNjEzU3BUcCtRM2tDUVRBb0Jqd1pkK0Zo +WWJEb2gzaUlPTGRsZVlzZ0EKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHRnQndCVU9J +ZlQrdi81b2J2cmNzdXR6NHI0bW9LaHJqRlprTWZJM1RiRm8KSmpVQjF2U3BuVWVz +Y2orSlc2dUYrQWRYSHFPb0JRZloxZHo1KzduQkJycwotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgVG9LQnRwemt5T2VSVFBVK21acngxMHRDNDNxQlFxZU92NzRuK2U2aUwy +OApXamtRUENLSVBBM2ZmSVNtWkh1TW41dEQrRkNYQndBcUlOQnU2Ky9BMzA4Ci0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBveE5LTWhRZEhzeHBQVmo4amNBTzlHWlFVYURx +T3plT0lPaEpsb2F0RWhVCmh3aCtsU21zV0pYQzNmU3VqUXhhOHlYVEhsWDN1eHpD +UjRjVkEyTVhrVjAKLT4gc3NoLWVkMjU1MTkga0hrMmdBIDNMWEtrbWh1SWRwVUc0 +Vm9uYlcvK01xcEdSWkZuZzl4eng3NjlwRXNPamcKYlArYXkxYlMybTE0UnhvempS +bmlncUJtWjVZMWdHY3VvTHNvdExib2lzYwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +ZnJtVEdzL1RFK3M3TGFpVGo1Mi9aN1pLRS9TajQ1MlNqODVad1M4ZDh3cwpVSWpy +elZlT2dWTmhFaWJFUVFXWU5pT0dlam1jU0R2di9TUzVjUlY5b0RnCi0+IEJ6cnpI +NVktZ3JlYXNlID1YU3I8WkNjClRpZ2dHWkJIaVZVVkNwY1JwOFg2bTdzTnJBRjRs +SytLdFUyRldoTlpHSkRPY1ZQODRYY3RiVS9VNWtPeXBIc0MKeEdJY3UvTWdEZTVa +RXNvCi0tLSBLcUNEU1JhQnRCK0RMS1F3VEt1Ykl2MkhROG02NmY5bjVIem1JeWdQ +TXZnChn2UP3yo7fmH9JimBCsA8X6WLurks8pKMf5lb/yh92Uj+mbIz5R07Fpq0aC +nLa9VhNeQU4nYkotJUVPRGhBlh7xaVRoeaRfRy8n34TKNU+PQUFz6gv0OHkMDOKh +B3Z73OAJGaFAX1Q1SlM96ejHVMRdr8SNQao9QJvZq9EXyrejV1L8oS7cKHObfkEi +ylUPlNsH375zQ+rizYqO3jLBGNXpK3RTOX/3xadbAeccyBLrSaoE+eQi2nba2fSb +iLd6xNtltmDy4AzRwpmMPpD2EUlTV7iBCBlstK6v7k+VOAyH0PGIXTVUlHs8VORI +PHx8boVaGNn1b3XSD3CTflCRHxo7gSfXzcDEnfIbPsz97Z8GdQmV6fqIoWyWS3ZM +DFYdS7VBuKA7lUy9fu+UbP6OFjTu05rg35OcM6uzF6U4TVbKrGzaeyZzrokcXCbo +LNYJaI0FY+/bznL8/YqU/EJsAzgSZLApIzo3wLJhd6YK9Si17Lgf5N8sfUvHN8ax +naRZp7SlPmmzyhO82KwI8FXM7E+0mZ3CjfiEUmq9dz2plRGJaWCdMJ/SUv9EcTvG +Z/Uo +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2gitforgejo.age b/common/secrets/secrets/nix2gitforgejo.age new file mode 100644 index 0000000..9e9ac24 --- /dev/null +++ b/common/secrets/secrets/nix2gitforgejo.age @@ -0,0 +1,49 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBtRTlJ +RHRaRVFZZ2Y2Uzl5dEZXSnplMlpYdy9UVVdvb0dSVFNGd25rcHhNCmp3ZHFneUJU +eW1PaGlncUdmVHNWblQvbkVxUDJpQ2p2OFJFVGtNb0pZcXMKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIGdJOTRGVktSY21ob0JKam8zaDN0bkhIQjNieTVEcFl3aVBpSjhw +Nk9OSGsKVENrTkd4cmdaUnE2VWR4SU1ySWdvZGo3VnMxTFo2dklwSTFieUwycTdr +RQotPiBzc2gtZWQyNTUxOSBTcENqQlEgU0plOWVNNTNNTkxhSVN6ai92aTd6RFJ2 +WjFRMzdJUjAvbDN6MHVOMTNncwp3bVREblZMUE12WEVaOGpLVDBYZHdILzQ2UVBI +V3MwTTFwb2dwcDMxSFBnCi0+IHNzaC1lZDI1NTE5IEJZS0crdyA2L0NONmxjcGFr +T0xaRnhHQ0FFVVlseUtKcWJZbi9ISlZIclVOdTRNRDJBCitWRDBvQXdackV6QTRu +S1FPeXdLZGpvbjhBYllVY0UvZ3JEWWQvMHNOS0UKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIG9XOEhybjJFclFKWEhQeDlrY0xVRHZOcHQrK2RWa0hsZTc0eU1qRWlNMTAK +cnpLdGRDejAraERuNnVlZDBVV202TmdlSVREMVlPWFhpckdPY3Q4OTY0UQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgQWk4Q25xSFZSbHo1NDJ5VnJWcVN5L2NIQi9SQVJ2 +aWtWSHR6azk3QmhEYwpXQUtjb1JZSHNuOFZHWFZYcy9HdktJVGpvQ2xuQXU1Sndi +YlRWYWhiVmd3Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBOZWtBQ2NDVmViYm9uZ2hu +akhMVzNlQ0hiNWEybVE0dTFwWGRpMlZGZlZJCkJncE1nTlZTaEl2dW90bERnQUhO +SWd5dzhYa2RMRVRFYS9rdkdEVTZIcVkKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHNi +OVZVblBBdVFuVE4xVGt1UzlMNDVtWGdBakVJaDVjanhmYWVPV3RXRjgKYTBOREpS +bVowSHlySFg1QWJFK0pPdnZJS0VQcjdXdERRbmdsOUFTeldMdwotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgdWY5U1BNTndYYWwveCtjeUxHOERGTEhMMXlSSEpyV0gva2pw +ZHNzSTRsMApQSm5BUmdMODZ2YmVaaFNxQVFaYk5KWFVEOVoyQjBQQzBxM2kwZEl6 +eXJjCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBVbG9ONlVPbW1QNmxENGJERGs1VEJU +Q0FhMlowVlZVVG8veG5tUWt2T0VJClJPZUY1T00vZitSRmdhWklrY202ci9yRG9M +RDRiTGpKWis5ditDVjJIRmcKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIE1SY3pidWpw +TmVNbEV0ZXQwTDkzdEtkbVIwd1BrSG10UVhBRUY5VUt2eXcKSCs2VEc1VXhXWXBY +UHdRVFVtaGJUK2tBWWYvQTk5V1dEcDVReFJ6WkNJdwotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgVE51VHdqeEF5ckRqTUVGWGw5SGtkRGJCd0xoZzdNbDRUajZPdThCQk8y +cwprTW9tU2Z5d1RVRWNkR2M0WWNCRTRwb2VWcDNQdHFCWDBHZDhINUduN0djCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBOZlB6aHRWRmthWkpuekNza2tBUzRiNGFkSTUv +WVRNRGFKZXZ1Sm0rUDJvCjV1dzlyTFZxYndvZ3BKNGU0K0hwK2VhSmNYcmFHZk41 +RTlscS9uODR0R0UKLT4gc3NoLWVkMjU1MTkga0hrMmdBIC9sLzYvYnVpenRFUlZO +cTVmVnBpLzIwNlJrU0xYOEhKWStkOGRDU0dkVFUKbjlVQTlsRnBCci9ucUNMNkJC +WWpueFlqclA4YVc3RVpXeWZDQ25mWEE5YwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +bjJNa0RIcGZWdkxCUnBsU0p4L3lwUDdia3Q4L0Y3cllYVGJuQ3pZcjV3UQo5SGxu +SlQ0cFVOM3ZRZ3l0SkdVdk5vY0NLcVUrRXJ3SU5SekxaM1NWYy9NCi0+IEdTTEFp +OSF6LWdyZWFzZSAoJmR3Vi4gU3A/ICNuLSA7Ck9ZSjhhci9nVjl1L2dIR0twUm1i +NzRSOU1DM2Rwa3RsYnp4ZQotLS0gRGVpRXZiS2Vlc25HN1M2M0kxbUo0Uyt6OHgr +Q2loS1MwVzB3Uk9mcTd3MAr1KliXDwBENE5rxqhvy1XX1d59XdiWeqCepnPm78ET +YbVM6FN9H6UBwiwClc+os59UY1lxNyjvefVOfW4V0Jpo2f2aFWdsJxoJWSdomKzG +N2wQ4Yq8ESeuz4g7pwxWB3RsTr0w6Rnzuf7D4Syg9rpX1pqVinFhLOki1aK3ZIdk +tqhjkKFgWQbBM/6540W14uw1fPTIcdX8v5KHbTc9XyNA2MHamFc1GooYduqL6Ylr +ij3hM7/z+TdXxGu3+kqs3Yh5MFd+ePB+LFgAqiW3gv9nD5RmH3s/x8Oip+RLpoTw +7fwo8wgHByoDK6gz2SAOZ2Q/Px5YBqivleT0oVdrd/quLN5lU2aQt3OANTxzF+bP +DaAWwv/7pTaLB7lyqCTSw+C+UmgVXmnOi2MO7ex3tImNzwGVQfZG9mc5k13ltwsq +uxC3T9l8+fuo4iFUwCXfXlm3ZmcIcpjYE6rOlV4Y2EdmwwvwRhMljWf2OfNHlq4e +hLtKvsHf7+pMAX0ZsZMig6KH09V/RtGUr9KBWVG8CABPnPJBIzlGZPJdmO+G5eAx +cEUUkJzlcSCF6SDo1zG7QcT7vRSX4FjvOY579w== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2github.age b/common/secrets/secrets/nix2github.age new file mode 100644 index 0000000..f56d0f8 --- /dev/null +++ b/common/secrets/secrets/nix2github.age @@ -0,0 +1,49 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBYU2N0 +a1MzODQzb2JUbjJyQ0xTbUxlbjhJOExjNm1JOFd6bDNNZEp1TlJ3CktCUXFwWTJ0 +cUZVUldoRStJRHc2cjdwa0szQ0VPZTBsV0NiK2ZmQUQybW8KLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIEk0R0lSUitzVkRQb2hQamt3cGdQK1ptYXVkUkdXb2w2N3VsY3hY +emdNM0kKYXhod0FVMzJ4dFRCZXZBQTBJcFc0RWRsZUdqV1FkSldkVHFnbU50VlNx +TQotPiBzc2gtZWQyNTUxOSBTcENqQlEgaG5Fc0VOUHdJWlFsRGtOSEwxM2RHZHdh +anVJZWlOZ2dBRStmRkc5WU5nTQpiQzRwMnBIVHJoQldJeEdrOGVha1phbGRKZGZW +SGZiWUV3Rk5XdGxUZjFvCi0+IHNzaC1lZDI1NTE5IEJZS0crdyAzN1A4amFYM3Jt +UDNidlBaRDdpSTNLb1dmTDY5VDArc24yUWcwVGwrenpnCmoxVnlEMTFlZFhEeE92 +ZHJaeFJCY25sWTM4NWFnQlhpbCtodWZyeTVoaVkKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIENONGFuM2ViOHRGa1gzQS93a1RTaXkwVFlYd0tadG1nOFhra0VHa0Jua0EK +OElXcXgxd0FuVys4eUZwSXA2eCthRFNRTWpmSDFLU0FqSVlCUDJSNVJCOAotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgOUtUeUFubGN2RUp3eGM4d1J3ejFaSXdaeWg4MnBu +VVNmUE9VRzdUNThtYwpVazRGNS9GMytrOGdBSVJhcWJ3TDNDUWVOMHFBd216a3dB +UkJmNmpSSkZNCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBFaUVFcE1aVnNrekwrZjdN +L2ZYZ0JreGRRM3FkYnFzdlViVk0zajE3ZFVRCjA0OUlLczBmaEJMMC9EU0k1K1Vq +Wmk4eC9wbXdvWG5UTlNMYlBiSTN2RVUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHdI +RHY3U0VuekdYOS9FUVhBQlVtUlNQTDg1dEt3TnFzVzMwOTgyQktEeWsKRC9TUnJJ +cytpaTRGMm5wcXFuSE5ReU9seGFUWlBSa2FxbHQ3eE9Idmc0YwotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgTmp6SnhHV09BbzczdmVoaCtnOFdYaHorNWpmSDQwVmtJVFFx +Z2FTTnZWVQpnK0lTem9uTE9BZ3FqdVJ5YThmZ3o5RjlZNlhTUW5Zc1NsM2FBa1gx +RGdFCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyB4ME5DK1BQUVFLcU1tYVZadG9hRVlM +WGFnd2lIVVNXSTNkZnhIaDNNSUY0CnpiUEZKeTVHTkFyYUdaeU4rWE54RmIxVjhC +NVkvQURrY1N6b0doN3MrYXcKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIFZraHhvbndT +c085d1BFeXE5bGNWcitZaTBKdVduOGtPeVFRam1aWVpyQ3MKbE92VWFqVXF4dkZo +dElDN0p5S0xXemplSzFWUlJaZ2M3Uzl4UlhmOHllUQotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgbndmTFpuR3o5QzZsZzVBMzBnUlU5UGFoNFIrc1dYUmdCdHhYa1N6d2JG +awo5amhkT0p3YytiRmFLc05GRU1hL3FMbEppd1Vpd0xCbXE2T0dLanpTQ1pnCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBUQ3c1Rm52cjl6ZzhQNTQ5R2NEWTlWUlVNWVJ3 +VndHUmg4eWIzNERGZWxRCkNRZk43YWUvc05nYWtFYVlZNjBQbnNhK3RXTjZJMkU1 +OG1hcUtoUDQyUjAKLT4gc3NoLWVkMjU1MTkga0hrMmdBIHJGTk5SYXlKZkx5cEVJ +dUJQTVNkUWVkVCthU1c0eDMvbGJWN0dKU1dSeU0KYUVQMTFSNVNnZEFxV09UVHJm +VDhMcElMZ2NRQWVKSXJITU53NlZwK2dPWQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +YVgyMDhXL0RsaEFxSUhGTVh6c1BUeFgrd0lMUDg3blk0a2pocVJMbVZnRQpBb1hJ +c3pBOFRXMG9kTEt1Q1IvZW5GR0F6UTNLU3J6QmxGWGljT1pzb0NBCi0+IHN8OGhP +LTVaLWdyZWFzZSBKcTpVVyAvQlZYawp6bHZOYWpabVJhN3BNVEpQbDRWbUh1c3BP +UXlsSzJWdUdPMHpuWmF2QjNQd0ltUQotLS0gemVvbWt5LzErUlpmZXFxQmpMZFVq +czhiSVBFQVBVVFo2Q2hiaXNWQ1Zwcwrm4hQtiHjacGXqxDf8QBf6AdsiCFad+cAu +RA/fKJMnq8zc6NUDkvEAxrWxFLpLD9amqaxgh5889mWstPGaeCQEcWfjO7jl2jsM +duZsH2rtqfsaoWI1tsUiVKGtgprkI1TBwbtFYQ/aC+1AzOP4rnmuu4T/kIDbP+rn +SlILVnc458dAsDIUO0vYzNhy7z6oG0Nf6TnPehPocIakRXoLSN0d7fYmC5GDD+8m +v0ucVjpVlyXCyOHbl6COgLmz0HglXaQba+K1ZFWJJXwB3Ej/wYaS6r5rChe9RKJJ +tlCCDfOmUC1BgNH2PbPsaDwVmPe5itsAoJrzvq2mR5ho6kTX0dAPnu6A50G2TkTq +7OtmvcjVarHKO5mRLSaGKgBnxcdI9MPvKdLKb79mBgmp7lWbKqOfQL8W+mfdxWjI +F6DEPQ478W7QF5tIWYlHsDS4R7hKr7DPBxGLZEhKUYl6UJd8BietDQ+Pti19uoiC +1qwFIGoKGteEsW5HHfvxdp1hdboVoOh/MzwpksNqMOZIhS2aAr2EKQsUBB5TLL+v +JdEKGcLiRuxqa/6mVuEw2iqUfSBK+A== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2gitjosh.age b/common/secrets/secrets/nix2gitjosh.age new file mode 100644 index 0000000..3abe011 --- /dev/null +++ b/common/secrets/secrets/nix2gitjosh.age @@ -0,0 +1,50 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBXQXoz +bGYwc2NqNDBVYzVkeGxldnJxbjZ6elgxUmFoMFhuK0pvTTRLWkhBCmx4RUxONTYw +VXZGZUtQcnFaRXhuODNQQjhCRmFtOG1TQzQ5Qk5ua0RNQ1UKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIHgyQjZBUjVNMTV6cG9LNE5NSFBMc0xid01PQUEyeVd1ZnBEaUVM +Rjh4bncKVHpqQ09XVk5od2F1MW1namloTUVMaEpuamlZcWIxRmsyRVIzV0RYZGxL +awotPiBzc2gtZWQyNTUxOSBTcENqQlEgN2s0Zmx1YjEvMlIzdElmeTcycEpNcHNJ +UUM4RzBaZWJEYTNUK29vOEdHMApkKy9SSk5PT3ZaQXQ1UGFCUFFvVE95V0tBZk5v +UlR1M2tEYWtMK1hSU09JCi0+IHNzaC1lZDI1NTE5IEJZS0crdyA2YzQzQ1J1L1JG +MXFjbzE5eUhnZDBjNTJGOEZwOGwzSmsyRUZhQzhtakFFCjVQYzM3VlpWR1I4THd3 +Ky8xOEd0UE1hVjRRS2RiVmUxbkpmdGxLR2RLcWcKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIG5ybjFTUEZ5OFhpUkpVdnZHNnZ1eWZGYnNQeFFvaVNoQ1pVaXJ0ZkNna0UK +cUx6OWtid1FRaTRLMy9EaGk0K2NKWE00UC9Ec0FsUDJCODJzNG0yYXJPTQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgdG5DRTY0QzU4MjBXTnFWT0NiclJ5M0g3eG9HVm92 +M1RIdFdidm9hVlpsTQpFZEd6QVFjY3NLOWVXeDFTdXZPenc3L284bG12V3dIVzRB +QUZ3ZmU0VldRCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBHQm9ObTBXWUh3YkRSb2VW +ZGE0aGFYM3RkbURpYlRTL3NMek5kZEpwcXprCjFHL2JIMFRKVitiamRSM3dHNzlj +ZENNZHFIOVdLS2ZOb29RU2FKd1NCWTQKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIG1z +ZGpQQ1ZDSVdLVE1EVUFRVW9RZ0QwbVJPSUtIYTcveUdBaGIwb2oxbVUKZGRQcHNB +WmJuN3B2VGVlUEJLem9ja25wSjlreXpCOEZUUnZnY3F5YXR1VQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgTmtoYlhWL2YxZFFheEVCbWMzOFpwendzaFZsOEIvN3VzNjlZ +cXNsUUduQQpacFI5ckx4TGZPRnp1RFM0SHJlS2hLMnU3NURJcWJKTEZscEpLVU5k +MXVNCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyA4dFFyS1h2bWJFYXZFSkpaNGVkam55 +RXMzSW94NXZTVy8rRHBWOGl4NVFrCktPVWI3VUhWZGZtYlNaVm8xTHZiTk9FbWZ6 +OE5WYUhaTjAvQWFxWDdyQmMKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHZYT3dNK2cx +UFpSV2dabnhIcW5HMlYzK2UzNEorQ3BaRTg3NVJwYVM3MlUKeVJqaE93N1lLdkg4 +UU9VaWRpeCtWQ2V1bmkwMkJvbE56U0lXcEhMVE81WQotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgMzJUS0hEQjlNTUEveGxXdHZGVlY5ZjNrZTF1QWc4eEhiUmVsUWRBc1FV +awpkYXgwL0E2cUNvQzRCQlVHQWM0djh5RVJ0SFl2R1p5ZzlEZ2lZV2trTit3Ci0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSB5bDh3ZTBqWE5wNWdVczhsaXFJaXdEZXVBSzND +ajN3WlRVcmp4dW1FN1dzCkxMN0wzV3BIdHRqYXhmSzlLWE0veWJHVlNBOWFncFZ1 +M0x0MWY1dmM5TlUKLT4gc3NoLWVkMjU1MTkga0hrMmdBIEpINTFDeUVTbCswN3F3 +QXp4eWMzTUdPTWFGeENOWWhkTTl3WnRIdk5sRDQKWk80VFJGTW5xdkwzMDdaSGFW +ei9RTTg5SFFVRktFYUlPYjNOT1FQSklZRQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +ZVhldEpReS9jMDRzcXhrZVRhSGFCeWphQjBUU3JiUVVYZnc0d1FUNFUwYwpLenBY +YXMxREFRRjZZTHBIUUwxQVplL3J2WGszNUhXSzhZL2hDNXUvUnI0Ci0+IFUtaS1n +cmVhc2UgPnMjfCFtCjcwT2hGeVY3b0VBSTZIZkI2bEVSUzR0bzNQQUVjNkpYZTJl +a2l5b3FNbmpQQ1F3ZTNDTUE5ZmNBbmhzZE1uam8Ka3BqWEtQVEIzOUFFQlV0TUl0 +QWgzU3QwdlRTWkdUWUNRRlB1Ci0tLSBaeUtEanlxcDV5Q0Uxa25hVnFiVW9KMTlw +TElTNVdoWmxlWFNsMXFlY0VzCpnuSzzkIeZRg56GdBS2gOTaXV70O7kR/9F7deO5 +XJOWo7ES0V1Y3WqNHmCsWHiqHj/yKT3JYBPd5p8tPzW/uwO/4KKfqaG5xY3l01Uk ++zsFTkQh5xRP5vtQ5Q9ztTVV3hp4QLVsBLSwGHMiJyL2BGawLD5OsSehBQ26nU4x +gmE2ZP8WWm2dCTGJBf/JQ7rl7+G54GRK6akWRCT+ZzL9OMA5u3dgyvE3w5Q04K34 +sY8WJIDaUm/Gr6JB3gHTfHaSsqx5NE69EZ2we4qdUW/ATeIa42NLPOYvShGzJdNO +nWC1vemKsUUDR1KzfoZ6W5KM1Dl6f0IzC2e3gAztH0FtZO47is1Lx9jsbVN/FRh1 +aM2bk4LUfsH0CtVqRxEqVg1gXzB+ICe/K4xU8OB1g7uzTYS/rZc1KG2sHJ0fjXUV +m0EdIMiJi4uTltakDrVGBKiNhQAz4V6t/kKkONvFg6wFoVzgm3kOxfRcryWfF0sc +VDaa0kOnDFS/MuIsMENJ0XP5mTO/BQERY4m423nY7hH4Ud+kU9k8zQ3gdNIGwCEK +1j0P61nlu6Y4lSO6UaNgr7xl +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2gpdPocket3.age b/common/secrets/secrets/nix2gpdPocket3.age new file mode 100644 index 0000000..206918c --- /dev/null +++ b/common/secrets/secrets/nix2gpdPocket3.age @@ -0,0 +1,50 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBGdVY4 +TnVkZlJ0elRhQkRSMnlXUjNNb3BQQmVBbmhYYVpqOUx5cE81TXpvCmNYUG5rTjlo +RmpNQmFtZlBwWXY1eDVzOFh0T0F3d210QWRvOEZnN3VyK0EKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIHd4TmdIeWdiTXk4QWwvdURNQ3NtUlpNZWpnT2hubUk1RTUvMFRG +MUtEQnMKTEZBV1dPOXlQOTNSNVZVcXUweWZjc0RlQzFybE42Szl3WkJCOWszMHdN +WQotPiBzc2gtZWQyNTUxOSBTcENqQlEgU0V5bUpxNTVNQXh1UU8xYmJLWEROTkRr +UmtNOWQxbllTMW5BZzdNR1JpcwpCMExaYmpNbW5ma3N6SHBDR0lZdHljNDNlNHlM +TTJrTnpKanIvYldhcU4wCi0+IHNzaC1lZDI1NTE5IEJZS0crdyB6UHBMWXNCZ3ds +S1RQL25SdjVkRElKMjYzUXFKV3cyZFl5VlhvQ3ExeUQ0CkdGaGZrNGdZZ2ZsTUsy +amVPVjhjMEg2ZkM1NnF0cTZFNGhFSGpYQzRNRWsKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIEN2bWhSc3AyWjlXWk80NTVpbkkvTllWbnJScS9XWjQ2RUd1OTkzMHRzZ2MK +bzNETWVrVFdIQ0VvUEZSY0N4T2Nqd3c2WEZWS3JqZTAxaTZBaTlmOHpZQQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgQUsycFZocFZPdUxQM3MrU0o1OGE3Rjh3SFlNcXdo +MExnb2hBbHdoTk13QQppenB5THpDV3VXRHdZYjJJc3dPUW9qcFBydUs4ZXA3Z1JO +ckl1ZVJjNzdNCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSB1MzRNMUwxb1ZESWJrMVdv +RkMzOGJHYnhnOFdHQ2Y3cjAyemI2bDJoRUIwClpnTys1eEFlNkZ3cStndjFyVFZF +eExaQ0JDRlhGWDVyRFNPR3lBRUdITkUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIEJB +RkJ2QVZsWjdqQW1TeVpCS0tpSTFiZDVYOG5ybG5rMjg0SWVTRnlwd28KZnJMVE5C +M1hkRHc2K3RCZFRjU1ZyeVR2YXhWT3ExNGVRNGRMU1NrYk50QQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgYmIwbXd5aXlFUUhJd1VORmxjb0hQWmRZb2lMZ2xBdXJaTmx5 +TEU2Y2wwbwpOZzNJQ2kwVUxBRVcrYjBOMWx2V0F0dWJCdnB3cXU5S2tnZmpQc25P +NnZBCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBCU3QwNjdGYXE2RHZtNGtHTVdRbmsr +QzgweFB6V0xyV0c1NldBeGR1UEVjCjBKN2pJT2FJeFZUNDFKRnJMOFBWRGRDa1JK +UExOZkhwcW9WZWxqSGVwbkkKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIEE5TFYrV0wv +MzlicXhsUHNoblUxa1FlSFlmMUhnYy90OXROUkIycWFFRTgKclNPSFdtVzF6Mml2 +KzJhK0hmWDIvUmFlSGVLQ3l5bElLY2N4aWxkNFU1MAotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgOVkvd3dmV0hhUmwzQlFBOEs5a1hGUmMxRU5heFNaZWhGcDRYdTd4ZktW +NAo1dGsyMUFlV29hOEt4R1l3S3Y4NndrbHVUR29sSkMvZ0R2SXM3TG9MQXI0Ci0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBTclIxdXQycVZlckR6aTZvSzJxY1ZmSVJWNk9j +MWJBYkp0ZUtvNHR5Tnc0CitlQzZDUWw4M3JNSHVkQ2U3MTdtTFBGTmpLenR3SmRw +NWFaNzFJSHZhYzAKLT4gc3NoLWVkMjU1MTkga0hrMmdBIDcyU0ZjeWREdFJrTEdk +c2RGY3Q3cE0wdDh4SGRJUVAvSzR5WmFENWQvQzAKVTZraTduUVg2RHlEME9CcnVq +MFpCbHBKVFNTOG1aUnNIWWJHUXg5T0k0UQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +YSsrbmdVOHplU29GTzNMNVh2aE5OaENXWHE3SlIxa1NuVHI0WEV1SG5sQQpuQWJP +MnllQkFSMDd3S09DNXhxU0pEcEFGRzZabGkzTlM4ZXBNWlRkMU4wCi0+ICEtZ3Jl +YXNlIHlEWmUtSzZeCm56bkR2UUV0OVJGNENzRWt0M0NQSG5acHdQazJFb1JFdGdq +aG5Lb3BtTUF5QmtKaXV3YVJOTWpMdnRodUx3NkoKNmpkeGw1dlB1NmFpUk1RbFEw +dwotLS0gc3lycXhWZXBmd0srSjhPTW1vMmN2REs4TWI0VUhiaEt6ays0akJQSkhs +UQoyTVD7Gbo16BII9fA/kbWQA9cLwAIJC2eJldhHa1Z+/nCLTYoolHFvhDF1kNNU +Q1VUi7Hwh3WfIZ5U9S8Bb1gtesAXrjAVoa07IuuELmY8P1aVnhO1Dh1E9bXhvjs7 +T9Qz5iA0R/IcMGzP1khAwda9urAqjtqjgNJOO9tOnKGOfCuUDhsPVqCZAfag4MeB +A/UbjmKvQuoMLnx4r8AdZB6hEC6OvT0d26e1EzT7o4C4nXYk4+ocvNY2kp+9N8d6 +C5qxI5juVeZenESlAxQKqaih6wUI5Hb7vlbMM3LvQqmSdwspOCYvji34LTzE2Vl7 +fTb9us7PpueVWLfzF2ea19B2CNZR6VWJ8d2WNDSGhoq80H5k9fawhq/PzgB/CLzB +dArCKrT7pL/L4oQVXuRC+2dKSmOm+hlrWHS1rwWEbgA7iQV8MR7eaHjUKEpRYC/W +0oSyCsBNRTJrTQEZfknGgIK9dAKM2Mx1rw/1AbPrtcJe7aHI0R1wK+bSgXOrYgWX +78V0+RseYYzyPgb6LUwkrA1MAsMp3NqQFts50DZ/x5ZBrKGWyEWO96Sg6oMCz+Gh +2S5P02QBaoTSyuhHpg== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2h001.age b/common/secrets/secrets/nix2h001.age new file mode 100644 index 0000000..07148ef --- /dev/null +++ b/common/secrets/secrets/nix2h001.age @@ -0,0 +1,48 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBqZkZV +ZFlDOTkvSkM0NmFlOHlIak5KUkdEZnZJRnJOQ1hLc2pkc1pGODFvCm91Ulc3aEkv +NTUzblR2ejRzM0I4TnoyYVlkQTk4d2RNSTRUVDJ5bzQwVnMKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIDlwQlRHSS9Nd1VZV1BRRUVRRTdjWGdKQ1hiRitPMi9KcW1JMEts +eWpnVFEKZ0thUVhWbDZxSHY1eFQ3OHl1R2JzRDFRbkpnMkVQRGhUYi9oa2luaEtx +MAotPiBzc2gtZWQyNTUxOSBTcENqQlEgWTA4bTNxL3E2Q0h5MWhnN0x1a1N2NWRI +K0JteUdIVTY4dlhtc1JYQ0pFTQp1Y05ob2hRcVNhbzJpSE5ReE1hN3BlTEsvdUtJ +STVRdlZCWW8vQWhOblhjCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBRYk42V20xZS84 +WGd5NWs0d3ZmcVdKNWU2NlBrVjM0OEdXRHlVaWRORlRzCjBZQ3JaOVFYazVDeHBa +RVhieEZJRkY2KzRSZy9LOU50VGFiRWtsV1FyUUEKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIE5JNWQ3SHkzcXpGZEZVRVRZZC9GRVRvWDVvNHZkbGpEMTIzUjdNME9YMEEK +UytTTVlUUUhjaGpVZ1lYV0ZETk04elYwZ1FUdGVlMURGV3JwM01qK1M2bwotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgRkNvUjEzdVRvbUxyMGQvQXlTU1NTM1NWd2tMdW01 +RE1zd1ppRGt6QndoTQpJckl2VitBR2poRHhmV3RWSXN6amg2aFkvcTd3aTRIRkxU +SFBMSkVERG9JCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBFcStmN29VTG1jTEtiMTho +V0hJUWFxemRrNnJxL0I0T296bmlvQmt4eEdvCkR0MFFORzExZlhDVXpYT0VlQ2xY +SklsRkFMVDJzQkpPemQwa3NOYUg3VVEKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIDdF +YXNFY1F5MElweVhtQjdkQTAxYWo5Zkp5R1VoQ2s4dkhnUmRwV3R3eVkKQlZ4dTNS +QVlkR2FnR0pyQTlhSWRQNWtnT0dCbTE2YThiZWV5UGdUNFc0MAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgT3luM1VmQm9tSG5majdWeEh6ODBLSm56ZFpSTUVmYzY4K1M3 +RSt3cGMwcwpLUWpGREU3dFc2NFFtNVZGSDIzem0xZGF0aXVhUHFhUEIzWGMzUDFT +L3I0Ci0+IHNzaC1lZDI1NTE5IDVhZHFNZyBwUml2WFlKSFdnWWw0YXczS3hvZ1dH +d1BLYWNpL1plYXhldDg4d1BHYjJRClZzNkx4S0ZYY1MzeU1aU3d0TlBhcHVvNlJn +NDN0Q0wvTCs5eS8zTnFaK0kKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIDAzRk83R0Zw +ckFzZjNuSHRpQjA2cEsvTnRKdDBRT3hTK1krWTA1Ykh0WDgKWjlEN0NlYjYwb2NH +RzU2N1lzWjI3eTlCSXgyZUIrY2UxUzdwRVY1a3FVOAotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgYmNEaW9ESGVaS21NQWlITmMrbWQrekxQZXI5SExYbE94ZFhNcWtxSzd4 +OApkMzVTSHBSR1BLS25vaFUyaXZQZHE1cDhrTmZENGZNTElINUxwUzNONzdnCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBqRXVCUEdEY21xblVXV25sTW5FTkxMTTJPL2pt +U0VDV3hZRC83TVVnelRNCmZXRnYzS2NqcDNIV1k1WHFOVy92aURVVStDQU50VmZl +T3lSZTNveWpNVEkKLT4gc3NoLWVkMjU1MTkga0hrMmdBIFc2c2lrVWZpbCtXS1Jr +TFI2RFRYM1BNWEJjeFUzclpXTUF2OGE3MmFNSHcKV0dHQngwRE14VlZRdDJqTHhQ +dTMyL0JMN3VRWlNRTVZka3VuelF3QW92cwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +d3JwUyszcTl6TU1XVHA0d2RNb3VPa2I1ZzFqdzJyR0ZTTTIzNi9VcnJqQQp5VHVh +TTBjWXgvb0daeWN0Ty9DTytRMkVES1hBR3M5YWdEanlYdDJSdU8wCi0+IF99LWdy +ZWFzZQpnZHBVTGZvYm1sWk85SzVOV3FOZkZtM3NKNlFLdUxDRkxBTQotLS0ga2JS +NGc3N3o1YjBOeEl0L3NVZVprNDA3VFpJdmt4eW0yYnJ4VWdkdXBoRQqosYCeWC24 +SETTy8dVYTN0kWZBhYxUQDb6mhHPZrLOmlNyDeambLNwpoGHGpxUy1vrYL5cOmBA +pZ4lLKvAvm+lj7FCqX7+uhQi5FohVTm9bz1IsJcId82yf6lLjc4p7M+ww6icM0vH +DHHsZ2ecQiJKOvf8BUGgAxBkkdy0MWVRAAtOAqadBRtaGB5902FOI0gWLyAyFqlk ++P/pHRfob8PlnWb7MTYsUVgIBtbV/hIcpSx7BIsPTsdr7yFirhfoC4giBMT//2Mz +e7NGN2bX93pAUPWK2P/k3geArT1zJoFeyOpkyIhnfeXaA8WKb5juA/Rly4aGUJO0 +oQKJkNGg3DPQMAEwwaijjuz19wd3o46o5la+2L/Yx2fCPDcwOyYzh8wVdc2eq6Ab +y3y1wlFfMLpsuBSENnCQTPCWimTOk2lPUKEjDtLXCtucwyd/fzjHCjF1iR5twVrw +id5+60bFV73v2QsQ6+qnNRj2Ea+LRHA48NtQH4Nedv8xlhgqkR0tD8mZc6Xo65MT +1Lj9suIPCf5L/j7GiX4MPDt/uptHJEckGMEo0rrwINBps7K7XrQLfw== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2h002.age b/common/secrets/secrets/nix2h002.age new file mode 100644 index 0000000..c69d953 --- /dev/null +++ b/common/secrets/secrets/nix2h002.age @@ -0,0 +1,48 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBLNmRV +NlNNT0Y0cTZVY083b2U3K0tORkdxR0IxNExrL2EzWmM4a2hoUkF3CmlDWmVaY2tV +OVVrYTBXeHpIM1lkOVBPeG9qOW0vL0hmSlM5OTVjcFVNUEkKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIEJJcGRpcnlSRGFtNzFlUWt2OGpxTUI1WG9zdzRZakpwUjkybW1J +MkdhaDQKNEMrT0VVSnZKYzZscWNBdkQzbXBsc0liYzI5bVBkZC84NnZKYzBtVEZ1 +TQotPiBzc2gtZWQyNTUxOSBTcENqQlEgR0tSZVk3M0hBd3djZklhVmdOQk5lcXpm +d2NoL2RrVk0xLzNxRWVIWU9YdwpXQk0yQStOY1JFNjF0ZWhkS1gyWGRhTXpkUGdI +RGlOZlBLMnFaMGVVSjMwCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBBZDluVnlKQ2FV +NFBpZDZJQmorYXVsV2lHMTdLRkVjSjZPNHhCUk5iSVV3CjdIU1RaaEpocDF5MHNj +blFVdGJjR2hwczNOZmpZdElXSURLd3hpQ0xvQncKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRICtWcXVMLzdGOE5xajlBaWdoMk5lL1J0U3JCL1dZQmxnOFpsK0Z2ZzFvbjQK +ekFWSVgxdjZjQlkxMTlCYnNPMWN4MW1YY0xSZFltSk83RXkyUmZBakZjNAotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgZDByMm1IanR4ZE5EUExyTnNNVVN1RTdTV1BJak9E +TmZYbEZOSHNZbFBDRQo5YTZjcVBrbTExazV1a3ppQ1Y1NUZhUUNqWWhLaTR3NkVx +YlpzR2xNVWQ0Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBNMEt4UFIwb21GOHk2c25j +a0hpMkRQVGhCM2NFWmNlWXA4SElZUlQ1TlY0Cm9CVVBDQ21PbU1Fd2ZCclduMjdq +aXNuZS9lN0dicElXckxhZmxpRjJDL3cKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHA3 +aTJ5VUJROE1PZXlGZjF6R2J1OVBDUWF0N09TNmRkZ0x0YStxK2ZTU1EKWDBkK3FF +c1FCSHZvZW5YMHBVSis5N1pRTW83bnpQZGY3dTlOOGNJT011ZwotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgNFhxRTdZNm9OUm1zOGpadi9jckxOMnRhbzUwL09SLy9JRncy +TTlzWUVuTQpVdUFtWTZhRStkN1F0cEh5bU84YW45YmxtYzlXR2NOdTY4bHRZZWs0 +RjlJCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBXdWo2c3pPY3hmRmp5Z1FFdERUUzcz +MXRRNjI0ZVlLUzArRFhodS9FNDFNClZyREpwb1IxdG14TFFSVHlkTFNVOVlzS3kx +M2FpSkhReXljSytVczR5MHcKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIGdIeFpXODY1 +QkM3QkNkMllnWXFyTlBpYjd2SkI5TlNoT1ZxSldCN2xGeUEKaU9XSkQ4Tm56Tk9B +Y1l3OGozSVk4M2ZFejdwR29Sb0NsQ0xrMmZzai9DawotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgUXVkZUJhbEJ1ZnFKSWRaVUIyK2JCcC9PbDZjQ2VlTURWMzBOM1loV2hV +dwo3OFVtR1JldEwwSjE5NGJKUEVyYlBzTmJIYzBYSCsyWWU2TnRwaEZLeWM0Ci0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSAwTkpuekFzUHZmWFdRSjRnY3YweTlWYlRjOW1U +a1hXRXFPakRNUzdxVWxJCnhIYU8rUGh4dy9HMGUrVi9aaU5uL3djU2JrYktaaTZI +QVlMc1VyaTUxTjQKLT4gc3NoLWVkMjU1MTkga0hrMmdBIERkVmp6eDBvZ2dXdURq +WlNwZjJMN3FLVXJEa2taYWJjbVlLVXBsbkl1MjgKdUhtQ1RFS2Z6U2t1M1MraWo3 +VWFCZERRZXJPTjBNS1FkdFZtdnQ5T0pBUQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +TUpKaThiUVJWUEF4aHZQMXpkdER3TzY3cWxWV1BEbEd2TVRkT2Y2MitqYwpsbDU4 +U05mN0xmY3pkNWtiRTBPSVgyUUhBTTA5cDc1aFJEUDBjU2owd0VvCi0+IHAtZ3Jl +YXNlIGxgcisvJiUgXWVsIHZrIE4KCi0tLSAvREZvRE9zUlRIOHZpYUVWZ0pyQmlh +K2ZubG02bjRjdmxBcVdLVENIejlVCtydnNICLzNyabsA6H8fhwkySlITewQ0vFBQ +GvfvDobgKzac8kmjDDwiIBwRI+EgVznSecv+Oqi2sJaodIxGaYgvEh+FURMfYOPX +K95ykf+R4bAowyG66i+mg9vthJU2O4v43R4qN4+0CVrArqhQp+ywNERsTV/2pU3f +bTFAYaLaLihEFDjCy9+p/D5l33Ns54FYAtBtQ/Ut4VY43i9inE/qohM6vy1W1SgY +THW3pLHvB6WlZvv4uD+IXK7GJXkedKxIuH0pGWLTF28aIlWTV8QYlCYpqpqaYs4X +87oze8zgPCNa2xODkQnYUI0GX4Fg3vP1K6R4G4DtCOytZdDYXncEIC4+opOoNmfg +xuhjELH+eZLXXRRd8PPrPTWXQ9CjPOK20vwc2To3Oljt940di6+886j2vFEBd44v +A1cjFG+K4mQ9GvdAk98EgRVXasmXyKnRdc7kFym9EY7guZtoA0Bav7YCn2vMwF7G +yLmxss4Wa7UA9v3GF270M/fb6D5u9qcDG7v41wYSldfaqSDs0Vw1ZfaGBYAXF5v7 +GgU0MSWaFyHej5xq5UVTlMtWh2YR +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2h003.age b/common/secrets/secrets/nix2h003.age new file mode 100644 index 0000000..01a858b --- /dev/null +++ b/common/secrets/secrets/nix2h003.age @@ -0,0 +1,50 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USA0dTdj +TDY2STIxTm8rbnNWS2J2VlZxcVRFYzdBRElDT2RUR1pRd2piaDFZCnl2d0xoUmg3 +OEs2bXNUY29RQWJ2WG9GMXIzZCsvcHRRUDFvRFl2elR0a28KLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIFJsbjBZbFhEanBaSW1BOXBwbVQ5eUtHSDRQRzJleTBGc3BlY0dv +VzljVk0KZEg2M09TNVlvYXAxaEFaUlpkLzljZXVQUE53aEVLQlZXbVBpdEM2b1Za +VQotPiBzc2gtZWQyNTUxOSBTcENqQlEgLzQ0MVpLWXMvSXkwTnk2VWFrQWNtdVJj +bURKUzMrMmRqeW9TcTF4V3FtdwpVQmducWt2dkVPQklma3h0QVkwZk11cW9SMkxa +Ykp6amg4RWUrZEpFb3NBCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBDNjhjTlovT1J2 +QXFPOVZrQ1ZFWUV2cnF0eFdTR3g0M3VFd0dvU2hVNEFRCjdzR2hZR1pKUkpJL3Uv +VEdPNzE4TGtWRVpZeEROZGFNMXRtc2pFYTJoMEEKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIGlhUGZSUVhtSDBuaTF4a2pCbFNqUk8wN1NGT1cvbkVqUmk0cEVCTkhoa2MK +OGZGdlZBLzJCOG0rN09BQlFlTm41NVh1VEdZWFRjVTVMeFBRMXB5dktUZwotPiBz +c2gtZWQyNTUxOSBSNSt4Zncgc3EwWEY0dmZPT2ZnUlN4Sk83WkE1c0FldGhYclFK +T092dm9rQjY3TEh6UQpFQlFTdXBJWVY3aUx6Y3lKVDBGQ3ZHbVJqMm16R243Z3VU +T2lHWVdNMTk0Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBuUTNLUGIwMzhKcVVyeUNG +NmJ1WkRtdS9FWHQvTGROL2ZiUmxmVlBIQWtZCjZJMUduWVNQMXVZRk1CbjhCTnFX +RkxoaTJuelV2bW01T0hiTHgvNTVZc0EKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIEl1 +SnJKZ1Bwb0lsN1dTZ1I4YVN0c0NaUDVEd2c4SjNTRkw1d0ZpaTF0RHcKTzBabFNx +d0ZjTjNoemY1UzVBemd6QzNIQTl3b0N2WVdWUE9CV1VzcVVtcwotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgbGI0MjhMbDFZblFud0U0Qi9ibHhSMlJTa0cyRHFJNW1tcnZQ +ZUNma0VoTQpuNG5ra2hwRlpneWxkTEgzQWlhMkRJVUMxR1RVZWZXWGloUEtkcWdI +RlFFCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyAwNHF6Zmt5YXViL3o2aVVKVTNSakVX +eFpuSHN5Ty90bGI5K0l5VFVtL1NvClBsa2tRMm1QSVlBNmJ6T2JlT0V5cFNmV1c4 +Tm5nL1NiOWtGWm95VE1Ya0UKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIGFwdWhWNnBQ +N1lYeC82NzNHZ2d3TzBzUTcrcm0wWGNPdEc1cUtndTZRM1EKTmxadlp6WC9BQzhJ +S2NIbjM4OHNpUGJiZkhOSXJDSitiNndOYm5VWDlCcwotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgUTFOZUtZSFJRUkw0eE9wd1ZCcXd6Z2RvUFVsUnZBcWlSRXlHU0lWcVpH +TQo0ZUszNFF0NUdib1BpZ1FnM0hBUjFsMHdSTE1ma01OUHRIWXFUMmJRbWRRCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBocFJ1aGpicCtUTjR5dEw3RTNya1dINTN1emZl +OVF4Ykd2SmMyNUNqUlJNCkV2ekVCNk1uNEZiTlJYVDVsREQ2cCtRR3pVRVZZek12 +aTlLelNZOVVXZG8KLT4gc3NoLWVkMjU1MTkga0hrMmdBIC9aT0pJSEZiMTA4c0Vi +dExPN0ZtT1BOY2ltNk95TzB2K0J6WEJaTUJ6bG8KdWo1OFpTWm1JWkRrWmhYUzRl +TUFJTHp5Mk9hVXZSNXFHM09IZHZOblpqQQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +ZUpiN0RMRUhKM1ZvRWJQYVNCVzROckZ4SDY3NU4xb1djcUgyQW9xRnkzbwpOZ2Fu +dXNnTERuOHFoVVZGMUhpb2N3MDhRK29NVjhuRFhyZTdjL0orQXZvCi0+IDtXeHd7 +YFBpLWdyZWFzZSB7PCBcfkRZey4gI1d4Tn4gXwpIVDhGeFk2K3dOUkhBWkU3SnRP +THVSUXBWTVJBSlZVWERqL1F6NjFYQUJHZitiWXJhYjFHS3lmd1dDVW4rWDZRCmxC +bmt3NTUvZ0dScGFUaFJ0dwotLS0gTTRUejRxU2ZKZVN4MXkrSG52dHJzamxpdjBC +aWo0a0lmS0xWeStFN1UzTQrI0E7L65ZYdi9LJwZ3nSgT7WwwQJovYBqw7YO8jE+n +1iAUsxo+nj7V7ub7D6IxBaXupMwqqEGX/fUgLyHrckL8V6RmVfvoJROp1Vm7HncW +xqoFr1cj3n6p+O+xQPFy+1uVSktCTvLgHDNHavRPaoT6vP2FcvQkI7jczbGJel55 +YBA6bLrMLsn1+MmY5oT61huymRbKFyt3c7+u/vqYwD9/J4/KPW7nO0hCQ8LBJEm4 +KFwj/6d8zyLFGRB+wwH3pEPFWZ17/7tK4xRR3jUw3ertMKnLtpYpI7sCOhCStH5G +6CTMGgmWOyPmccVfWF3RSnuj5I53nnkYktWcc3o+ak8GCw8PBJvAfkAJyNjrSo6V +QTMX9qsrL8SydAXXFk2lNcv3maH6RgRB9ycPGak/ZsrFP0VkMFpOLIfqjJMnfChY +CUi2b1iTMlmw9VITSfgh82mue+bcevSaP6KboeksBq2ah8hSN80WPtb7VQNUNl/u +cQT5DoyvaIxOstiVpBy7DY4pvb6c5iWkUuuDiHrn0AA4XB2skTNhGU1oty0YrDFB +tnRtsOYgu5d/53Fcd8aUNg== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2joe.age b/common/secrets/secrets/nix2joe.age new file mode 100644 index 0000000..befdff7 --- /dev/null +++ b/common/secrets/secrets/nix2joe.age @@ -0,0 +1,49 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBrRFlo +VzhEcDJmTStuQUxxcms4am9idGpZYm5HVndISDlDMzVVVGl1ejJBCldYZllDcGEx +QVl6NU1vVjBPQXpLTndDdUZIRWJmMC8vRWhjOTRDUm5yTUUKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIHl3SGo5eEdyRWlYSmVZaWhJNEt0VWRiY29IN3AyeGdYQWtuKzRL +NzJrVUEKaGdSelBON1JrbUZGVnJUL2RwZzZVWWJxVUkxUmVrVHdTcno1aWYvbGwv +cwotPiBzc2gtZWQyNTUxOSBTcENqQlEgQU5Ia294NGsweUI2NUs1S3VZaVVEWUtZ +d1l6WGdPcnBmck81UGQ1Kyt4QQpwUG5iaFVUNG43a3A3M1FvUjZGd3ZtZzMrTUFm +amUzcHI4Smp0OXdpdWJVCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBFRkd4U2hvcGRk +ZjhleWdheUtqVjBRMXdwZ01KY3cyck5tOCtBaXlBc1ZBCjNvUURFdEFpZ0VteCti +Z2t3SlhRbWMxakRHbFlPMU5HZDlOV2R5d3pWdHMKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIFVZRlYzSU9FZUpoMnp6dVJPR21Zam96R1NQOXJQSldXOHNGYkZnR3ZxaGMK +eEJvbzFKY1R3WTJVaTN1c1hnTWJ3ZU5OZjlZR1kxMXd5bmJYNDRBSWNqVQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgUHBaY3ZaVjcvZXMxLzRiUisxMnNwV2hlM3NxR05Q +aE4rQjJ5ZDl2eDcwVQpUM1NKNHg2UmtPeFhGbkxTUlFtTFJ5bjNSZVNEWmVKaHg0 +cWpmT1VZZFZnCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBKZnF6enhLS3BzUis2azFK +VlFDVTZTRTQ0czdNclBGYzROUEJHYlpod1gwCkpMb2hSRHVFTzVTZ1dmM1Fid2tl +bkhrK1dMdmxZSWxhMFBFM0wvZ2tuTW8KLT4gc3NoLWVkMjU1MTkgRjRiYjhnIEov +MGpzVlFwSi9RUDlQSmNCRXRqaGNpSHFwa1o5emdOcmY5UFREejdtencKVHE3OGlT +NnQxL0xJdTdYTnJQRTl1bjJNZDJ2MVdnWHlzb0pZS3JvYW1GbwotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgVVVrQ2ZJdnY0WHRrdFBidDh6ZGxCQThjMk1DcG1UZ1hhMiti +WENKclB6dwpCZHRhU2NWZTFQYUFWYUxCUlBUenZPVDdQa3pXaVE3ZUdSNm91MWxB +SGZFCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyB3QnVtWjlsOHJvVmltSkdVY0wwcmhk +S2prNGg5UE0ydWdSck4vMFY2cFdzCnAvOUR6VWtEOXd3OE16ZVROMEJraXVTZHV4 +OFdmQlRXcStLa1l1eE5yR1UKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIE9NbklVa3V4 +aU5ubnk4WUJyRTdXRmIxT2YwODJQOWZ2eFdYUHphSGlwWFkKT2ZWWWF6eGc5YXJy +NWNqNE4yVXc3MFA3eVJQbDd2Zm1FUkF3M25LT0FGRQotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgNEZaNzVhZlVrS2FXTlRXZUZMcWhwNnVORGJKYmErQ2FIRDl2b2wvNDB4 +OAp3NWdNcjVXb2RLczJGdGpyaFo4bTVLMGk5QWNQbkJpMjh5U09kbENVS05VCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSAwbXFvZWVaTEp4eUkxVGkvcWpZbmRnWGdjeXdW +QzgvbzBnbU5KWE5Ba1cwCkxUNnkwTkFFdHpuRlovWjh0RVE3U3pIc0tVcXY3RTc0 +NjRaRnE0YXp4NDgKLT4gc3NoLWVkMjU1MTkga0hrMmdBIGtraTV0YWxFVDVkb1pE +NHpVQ2h6VGh3LzVRTG02cVdGRHpmak4rT2h6QWMKS0N0SFpyY3lhYlZxc1NQbkZW +VkVvQlAwejF4aUpnZmY2RnlHNDhQVHhXcwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +dytPUnI3MW1TckplUDZWRUZrUVN0aXhtSG1OeWkrcEIvVitxOGR1UHdFNApxaVFP +cVNrV2YxNGZQalZ1aTZLbjFYM1hWRkpFM2xhRlZTN3VNNFlaR09JCi0+IFEtZ3Jl +YXNlIEVPUgo1b3AzSWtZdkdwWEM0bVM2cU8rdTkxMFpTV3BZUGgzQ1NwWlJ1UXMr +dVIyMktqZjBRSzlrQkh2V1dGM3NoUQotLS0gSW9aS2RLNzZMQXlVakF1WDNzNWl3 +VEpQSVVWVVZkQU1FZjBaNHFxdmFzSQoHZa1y31EyfxcF5zL9Tp0efLfm1Ak/v9N3 +IqCds1BYhPDeCECA1zHdGZojhrxFuOyr1H/uSKuksPktfi0K7F73NsQ8Prf3hiVg +C5Ckh540/7lv8Y+f6eOSlbUUHkO/UftqyPqPwl+L3cHApoSN5OZJz+nVgJROQMBY +63lxHjw170/E1BNsf2jqdHHJUwyFd7hia212PqCQOyh0wbc+6E0t/9gDQXphBxC2 +/EpwLgBf0b8+nzGVZ0RP3wkegZyl2LYwkh+PLhRTTJOulE664eaJBFRpW/wfw1el +QaoEHw52O92IE6KbM7lQ2ujmHYG2aKBf/u16DfkDBrHSplz9bolcueppa7ubLgfU +mEacucUtRN2k+kA8S0UVZDsbo2oQfQL+fgq6Hcx1shpIFpugyhDMMHDD90cvAs8w +Keg8jHbTEtVJAtBmLYraeyGXsla1vPCcoXfHr49ej3Q4B7pMmReMtMEP/BDKy6pK +csPW/lebooacQpu1fjVyYyW/AgJHa0U6oZTr5i65FNYd0nQa07D3bYO3o7JUFZoB +Ah7b2Pj3Wv5Uzxka0R13xtr0Ud7jqw== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2l002.age b/common/secrets/secrets/nix2l002.age new file mode 100644 index 0000000..0866e44 --- /dev/null +++ b/common/secrets/secrets/nix2l002.age @@ -0,0 +1,49 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBPODJ1 +Q2VxRFlMeUcrS0V0ZEhGdlRnRE92TDA4aXUwdDVKYUhBaG11R1NVClRUNnlJd1ow +MkliL08zZE12bHRyaFZuQkszMU1nL2pxT3hIWWlObW5IUE0KLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIDUzVXpLblJLZmY2UHJnQ1FIV25WRjJEWEYva2RjRUFNbkU2TkIw +Mk9hUTQKK2pMSytja2ppbE1Vb3hYVWhNMG1wUW1lNjRGMGpseVVpeUV4dkY1eTA4 +NAotPiBzc2gtZWQyNTUxOSBTcENqQlEgWmV5NW1rVGk0Y0VBTFJ1bEpGbVFqdEp3 +ZVhyWkpaWm1uUHl0L2N4WStRYwo5WE5LYnUrTldDMGQrbDhtTEl3cmZGT21FNkZt +NmJ6eVBGeG5ZUjhCZE5BCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBVcWZqVVl5VDBP +azJjL0p4VEJnTzJrdkRZdXNSRGpIdXM3ZWttWkluMlc4ClJOV0xTOU9PeHhMeWpD +a0twcCtxYklUSjF1R2NseFF3NDk5eFI1Z2Z3Y1UKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIGhONk1uMk5xRVdFUGZhNkpHUWhMUTN5bkkxdzNTRExqOGlGZzdOZzk5U3cK +NzJVSFppeGpGSWdob3ArTDhpcEhNSmVNMm8xcXRUS1crN0FubTR0T1BnTQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgcmZ4MzRQQW03MWpwK2EzYUtaL3pPQmhhVzVBK1U4 +K3lOSDhNSzJreUwzWQpKN3BYSUg1ZmZQMEFyMUJRUU53bDJGZ0ovd0hoRWFOdEpK +WVJUOGErZkFzCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBSblVTemNRb3M1T25yYlhS +M3dLQ0oxZmhLQ1Nldkc5NVY4bDVMcWpPaEc0ClFDalVaZzMzUGxNN0x1eEJRUklQ +aWwybzJhNmJNNkJBSkp0WVd4WGxEZEUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHUv +ZWdmZ1RUZWZIckkzVENjblk4a0lVbVRzL3lDOFZhQk15SnU3REJwaDQKQVNncVdL +R01RM2FQekJXcHdYb084SzRRVGcrcVdMMmIrWXozM1BXcFdJRQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgeGhtdkMyTUQza2t2Y2ZGbmRNbXhFSmt6MGNNTWVGV2xGKzhN +bzB6REhrWQpIUTNPanVNZXQzMHlWQUduZUMzdk51bnNqM3Raem9pRG9iR1FRRzBm +aTIwCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBJaUM0QkV3M2R1czdwYy94VWlyb1Jr +eUUxRU5zWU9tUGN5R2lMdk4rUFMwCk1ZMkJ1NW1abXRicjRkcE9CUmRqVFRjRlFv +d2hHYmVKNTVYc090ditMYTAKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIEpFYTNQSDk5 +Y2JXL29YaTExc1ZiWkFKZUdFcDBjd1p0NWh0bkVXSk41aTgKRmZuWHRuNnpqUFNp +OFVZeVhDeXJMbUxuWnBvQVE2R2NwOXFQYXNnOUFsSQotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgNmlsV251TVpneWttdGVKVldSbzg3RE9ablQ3ZDhSZE9Sc3Q0VDRUc0Vp +VQpXZ282cnFmczRvb1Q5cWtrd2NsdXBlejFMSUJwK2Z3Zmd6NEpNNUxJMDBJCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBLOTNlbFFPdVBMbElNcUtaVGVtVHFjTGJHQlFz +NUdDYnRsbGJEbWVsdURRClVnWnpuT2dhUDV6dVp0d0FoT0gxcXR3cVJDL2d3Mm5G +dzArWjhsczd2QVUKLT4gc3NoLWVkMjU1MTkga0hrMmdBIFIvZGVGTmJ2TmJxR2Vm +b05RMy8za0liMGRLQU5XR25DNmladkgwd091Z00KTElBRTF4N29pbHVHYzAydVgv +TU5BRlVJeW93NVFtZEkyK1puUnBEVUJhVQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +ZU5EY2kyZWVVWDdEZDdZSUIxQ2lneWJrL1g4Ry9NcWwzOXo2ck9nam1WYwpRWlMw +SEhMR2VHMWNyS01TV0RQSGJiZzNjWXRRYTc2U2w0QnhpbFZzS0pFCi0+IFBBQC1n +cmVhc2UgXU0neTEgXkd1TDhHLHwgWEc+ICExVwpSanE3MWgrYWtEQ3JYbm9POE92 +cVVLK1pBaEdGTnVBMQotLS0gQk5Ud2dJZHRzN0RZTTlZLzdvTVp6c0pEejFBZU9l +bnA2Q3hGcmVOT3NnZwopOnc+QlhQ9rs4u1VZzBGuVT1C/M1+of1PrkVrG9FspsTv +k9M3NSrz1aCMHSgX+YdH59xr56PqsRjP6nok8+2XMMs04g/sfbQsBG6GIy0l2ke9 ++RgoIQ/7yBY6HhcSfBK8OGHsBTypj2iWsXmHji+JJHgXelLBQxPhiPh721Y+aR/g +6dhgaSkeiztKbzuXX8Y4idAx22vln+a9IhCeh9ObUucxXoQ7PsJXJqPFr4tqJfWe +R2wluD3RtZxzbkvKcmiVvgJt2pRRoMPC5tn6Se2Hl08fDoTR9Z24wK5igtu0+rBp +tALfNh62Nl2U1s4Ukd+5eH28vC1QEz9UqnTNvi7o+1usmLsMIjwagEgfUB+yzaT+ +8VJDj4Y4xfI5WdgbWe9A9JFk4ve8Xmqkkg8zlaveEg/wSMDbiZP5NV20xHDIr6kP +yrctn77Vohff0iYL4Fm38FgJfODFCLsHYOok3OgGGySLdTZcYZ69yJjlDm5m47ea +vz2zRL4m9MxS4vE9eR04T5G+isZnLZJP/T6SImvSKHKNpeXLSFbycRLYJkf0jNCS +g1ym3Ql3lTyozQVBCg== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2linode.age b/common/secrets/secrets/nix2linode.age new file mode 100644 index 0000000..21529d3 --- /dev/null +++ b/common/secrets/secrets/nix2linode.age @@ -0,0 +1,49 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USB1ak9y +UTJwcVZCbmd4d1RPaWw5MDd3TTc5WU96MVptcVYyQVIwMzJDMGhzCkUrV1JQMlc5 +SnNxUm9UY3V2Tm0rVDV5ZTFLeEdYcG9qZWc3M013RjVpVTQKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIDJBK09UZk9jOEFPL3NXRmFaOTJjM2FlalRaSEhESlFSZjBmN1hr +RUNoQmMKcXRlMGFnOXpCWjMvTGRLd0FmcDlQSmF1TUhXdXcrNXRIcUh5dEZqbDlz +OAotPiBzc2gtZWQyNTUxOSBTcENqQlEgSnphbHkzZjU1V3VzTzF6K1ZkcVNvcmp1 +VkxhWDZPTHp5bmlxWGVTOHp5SQowZXc0OS8vOHYreEJXbVZudUtKVVQzR3cxT3RC +RlpJNVFKN09kcmFtaTVFCi0+IHNzaC1lZDI1NTE5IEJZS0crdyA1RzdxQjVqZG5G +UWtlUXpnT1FsODhaQlcwclFvZGZmb1pJY3MyRWtuZG5jCjI2QXFGMEFRVzR5MlF5 +QmNXbHQrOG8zbWpCU2FWVEhKNkhuT2JtNko2REEKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIHB3bXM1TVNBUmt2VFJPSEhzZjBZQVdVcFVNM3k5Y1ZCTmVtTHpObXZablUK +RVllREl1eGNJUmIwZkhtUy9JeEo3VHpWRFFGNG5QbTZNdzN5bGpWeXlwSQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgVmVqYUdWVFdYbThTUFIrZThYOWI1cGNFWTJnT2NS +RHBzbnArbkM2YXVqbwpzSEowTi9oU3dnOTY2R29GODRpU2piRWFUSXFBcjlXanlR +SlNZaEFCaWFvCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBFRGd1TWViVFRHQlhEd1NY +RC9DRXJxUE5VazhkUHkvQWRLT3lrY0xaOUFzCndNUk1USXJ4eUtLQ3hjOEtLaXBJ +emhmRjJFT2xreGRtWjlZaVo5ZjRLYTQKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIGZ5 +VUQwRlVnUTZFcXZ6ckFvQUhRZzJFMVB3dS9RT0ZOWm4wSEJGVExaWFUKYlFzSHNs +VUhZTWJjb3doQ1hQTU5tRWQrTWhjR2E2cVlLUWltZGhaWWM1RQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgK0I3MS80aC9MV1ZYZUkwMGk4VjV4Tml5OG5Na3dyS1JWM1V0 +a2FUaWhVZwpKSGJJY0RwaW5lYzUxc0dWaTlxdFBwV2o0c2lQWnFlQng4Tlp1bWtn +OWhBCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBRVXJYMmp1d0RXNFlPWno4d3pDVUVD +Vmt0YmhyQy9Zdk1QdmdweTlaVlFRCkEyVmttUjhZSDBaYk53ci9UbERiaDhyRGR3 +V2lpcFJBK3crTFZlVnBvNTAKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIGFiQ1E3bGlr +bDVXMTNyVzVwNHdwQ2hnVi9Ld20wSnczeXZ4WVJ6MlZnQkEKOGlTUVVBZkVCOWg0 +N0tFTlNxZXFqaUJEellpRVlZM0JyaUZNUWV5dTRCRQotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgSFhTUEx0N3FIVzAyYy9rRkZ2OUZBYWVQcmhnYWU3N1J0V2pEZktVQTIz +cwpoZzhPRThka2JoY254VEZFeVFaN2RDVDBKZ09MUXI3c2VSZmJyRUMwYUd3Ci0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSArazcwb0lLb1NxbTVpbFlKWmJWcXdnK2pXd2xi +ZmpxNkliZ3RCQ3VBaUc4CjNUOFRJaG9kZEZFKy84ZTJ4aU83U1NEcWJNd3hJZFFY +amdqV3hIZit2M2MKLT4gc3NoLWVkMjU1MTkga0hrMmdBIFNmNHFrdDlpb05EQlE0 +ZVhqcGpqNFY4M1Y3aHVlTUNOdnJ4VktxbFZobHcKTWd0emd6RFMxY25kbDlNM2I3 +Sy91ZVlOVkl6V3JqTFBuekFLMUs4NjYycwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +aWFYT1A0MDBSMHpzb3YrNXNHNjc4dUtoNkZ1RHlSL0tWV3RscTlocUd3NApMT0FS +MFZIVytLeGF1WDRKN0ZydEltVkxmaWF3TVdWV1FraTcwd0xzODVvCi0+IGY7cUxl +Ni1ncmVhc2UgOUwtR28geWMkcTwibyB0LVU/Qyt5SiBZNzxsYEJEQAowTUVXa0Yx +ZStNYWIwdzI0bXo2R1NWTURCMVVRK1F3WW1QcwotLS0geFBtNS9vMlE1V2Npb2lh +KzgzWkcrNS9SRG1ZeC8zdUhQbkludVJwbVc3QQo1QQm19YZ6VMz/+vhRhATkrYwD +KP/ZH7wMl9n40mzx5U1g87ERd3zoDyirTsgMn1N05fpnW24a71FKddHpDUuFc7Fx +xLc0Xst+uuSD8lj8H309fBBLn6yfvq4vu+/XNqsUvTwkBVFRN6EkWTr0XoFTBrlr +AwkEzL2hvC8Gt5U2sjNkJR9GLSZhwOFwTrFMZRW6ZcR42o+6GRUtFmRX7iUMKJ6a +2LIn3i7Qlc8pkvtEWB8yHQ8iLxa0SbWPKWnMcTV8LK/JvhSebBHxx35AhbjZAwc1 +oLmichP61qIGUGb3r3Y5U1C7dWpAwMp12Z2efk1uOfO8QzM1GYqIRvsXSPzfB80w +OCdnZez4iEIvxslbcLSRNZn1R8mwj5deMK4ZfU+26khzqBAtrjAA+tlCtViGKqUE +e7eOBujnBz67YbUYFyepBd8UfDsqM9jtl3PW07Bgvi1MJY0S2dzopgTlzYnS3PNS +8xyLi7Z/McMmHg5RZs2jKHScQlcs/+Y5y000UiqtWy2UmoY6zYwGW08eqgZLZKDS +QYY/0MHWQGO469J3uNdCx6qkzPygWchlGEKpxA== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2lio.age b/common/secrets/secrets/nix2lio.age new file mode 100644 index 0000000..1ea57d4 --- /dev/null +++ b/common/secrets/secrets/nix2lio.age @@ -0,0 +1,50 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USB3dHp2 +QS9lSENJbC9VR1RpaWYyRG1KQWFXVGFsYTJyU3VqNCtub2RYMkRvCk5pMitVV2xZ +Y3hqTU9jSllaVXFReklodnVpUVVHeENpdGpBaTc2ZHN5Mm8KLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIHhIMGkwQmxYZjdBdFk3Wi9BQm12Qkh5NmExNklZbnVsZTdoZVI2 +bk9rSFkKMjZGc1o2SER1d24vVjcxVktjZmc2NXlJand1WE9zZDFZVG1WS1dNY1NG +cwotPiBzc2gtZWQyNTUxOSBTcENqQlEgSEZhMldYaEFyUktESkttclBUV3JlSldl +UzQ0T3MrdzNmS2ZJWndVMTJTYwpoazNQMUt3d1A0ZHV0bC84b282R0NlRzhuQTE0 +V1M2QVp2NXdVWTVpelp3Ci0+IHNzaC1lZDI1NTE5IEJZS0crdyBKRUhKZTgwSnc1 +YkJlb3FLdkxRdFNRK3gvTDVzM2RnRDdqT1g4b21pNnlJCmFwK0pGNWR6M3BNRmF3 +aVRHRlVrZzZ5NlgydG5VTkRqTkVnOFZLVmlaelkKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIGRrS3AzeE9jR05udXZVczdvaElkT2NFWkhyMGRLM1VRVmE3d0Jpek1DbG8K +UHNJYlFrME5FWmtoT3JZa042N0pzRlFESGl4U0dJNGtmT1Fad0J3VGdkbwotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgaGd3SVN2MHZlQlhFaFFCRjR5eVV3Wk5LTE1PTHVO +S1pFK29GRXRhcC9SawpRTE5BcTRIMFE3Y3NTZEtwa1V1cUlodzBXb3dUODJ5ZEVV +eEdPdjRGcDNJCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBNanV1Qkk3THV6SVZCOEUz +Q0NBSW16dTMzdWtpa29ncTRmd0o3eUVKb1dVCmFzd20wa29HVkRRRjhZMkFaSGtL +Z2M1SzRPNHdRMG10MFZQYTRtRGZDZ28KLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHcz +UUlraHJNd3QwMC9Ta3cxekVCYWJrQit0QWhuSWkwenp6OUdBRG9oVXcKQk84OFpt +S0RqcGsvN1FMMy9SaWpnTVlwT0VsMGltMzdueVlISWZDblJiMAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgMVA0RzFwQ21YNVVBdlRuNWhRVjhaVEk2MkxmU21IeXp0VFNM +U0RYN1pBawpiMWJCV0JUMFZNVWxROFByNXBBSzV5LzlxTmJxd211OHI2VGw4RTdJ +WEZFCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBkU3RiRThocHh5QjRKSzJ5cVVIZlRU +NlJ2VTByL0VQZU9DLzhPN1ZxVmtRCldWTkx6Ty8rbHFDT0RpNER2MVA1dVFiT2ND +bzBsbHZ5d3hzaWlRM0VyYW8KLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHFrNVRPQmta +L3YwZjZ0MTNrK3lWeWdCRmF4MmdFMmszeTRlT09uVDlkVE0KYjlINldYK0VuNjBa +NVY1bFg4VkdyQU9DRk4yNHpGREs5cWthMzBad2hwOAotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgU1ZRclhTL2FkU09HcEtiNkY3OUo3Mmw5bUMwdisyL3JoMG9tSG00SGZR +VQpMZ0NvYXh5N0gySHBMZnF3MC9oc1g5cC82Si9ybjh2ZW9XRlN1SkY5RXdFCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBUZTJXY1Z4a3RSNnRvaHFhbC9BTlNvWVRIazVE +QVU2RTVrcU9NRDNERXhrCkdmbHJYM2xSUFM5TEs1Q0xnQkgrRnNzQndDRWlXQ05o +MWdRRU9xQlhuNVUKLT4gc3NoLWVkMjU1MTkga0hrMmdBIE5tZVV3aUhlWEZkeHFs +SUpTU013RmcwZzc2SlBlZlA0RERnTDg4SmVVVXMKbS9LZHlaNlRJV3dPRjFzMTha +bU80WXR0SkRINGRxc2NXQVo4N2xqZXhDMAotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +SUtVNWZjY3o1UkJvbFZ5WStqWG9IMjMyUmRYL3FYbXRPOG94ckM0TUxVWQo1MFRE +VUU5Wm1NZGQ3MFpRa3BBcWx0Kzd2UlMvOEM4Z1NoOFFYSWNLOWFFCi0+IHAmdml2 +V3NCLWdyZWFzZSBKKCklSyNAaSBSCnowSWtOYndCZmNoZ2gyYjNMejJpbHpNekZ6 +OStGcGFTVGJYeURqK0xYaUpkbFdLR01WdkRlMmY5UlIwVEQxYnUKLzNGUGJaUWhR +T2hwc1RXS0pzUi9KUi9QRkdzVmRKYnJVMS9pN0pMdTZIck93d2JmSFhNCi0tLSB4 +K2RSaVBENkNwY3hWbFFJRzRMYVZSY0pXTFI3MENkMVVzRTJoYmdNN1JVCv7Oz2Fi +S5/m0Lpgzb8jvETd0PIqOImElU7dg60vsww+++Ci7oo1Qw9l/bNdqOhIi4FjsGJp +vQZz6OsqpvF7Ou+YauUvdx6STlnkwrh9J7BVSkG++oduf16bTsV1rqSE/e3hHe2I +6rPv29MFmOxd3Ym4g+RAni/Ib/Ti7MdJJ3GDxOozAlHJrymtZ5NNa21UipoQpeWr +QauxkectXbeVZ8dsss+1sPI/z0CYFHhsEyiKGzZv6LFkdERuTGRmLHfYEwpCeeuZ +nJg5ztWBmvbwmbnbv4hbRaDNf5lpZA/sJV7OuJ/1iX2yuhBywI3808ioFtq3vScr +uUusVwaktQTpoj7yr1OuUltgeuALegw/DwnzZE9mNpGtUjbIbMmq/vJYhH3rC1wv +f2NuCvUN9GvWDt4IQkWDw7m3W6DUaNhoHE5NwcZ8GdScQ2j6IlEEdDAZ/da2Cm4B +o/heA/LGRkgwldpABIVdp2rZAsoU07SgENteaWTk281yBBbiG/QxTHFzgxw0wNjo +ShrXQQMnXWC2Fdz8ogj0RLesMsfjRnEIRwexxNLf0ihBwvet+JxKD6hL +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2nix.age b/common/secrets/secrets/nix2nix.age new file mode 100644 index 0000000..4877bbb --- /dev/null +++ b/common/secrets/secrets/nix2nix.age @@ -0,0 +1,51 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBiSHRC +QUVCMnBYdDJXUjgweVNiQ1loTlkxMWxjV3haODdWeFFOOXVrb0NrCkVZRzZYZVNR +RkRBTlRtOFhLZUkxRnM0UmR6S3hzdTcvUGwvV083RU5Hc1UKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIG1HWmhGSG9ZQmNoWEZvWDBta3V0L1I0cTE3c1orMlp3ZTI0OW5F +TDBaeUkKSWFjSlQrdGtnVlVzNWp3VHBhcm05QTNKZUZrK0g5RWRJY1ROWHYrUWpY +TQotPiBzc2gtZWQyNTUxOSBTcENqQlEgR09DZnpLcW04TkpDa1crTHg4RG1FdmJh +T2V2VGJhWC94cm9IbWY3bmtrWQpmSGMrRHdreDNXOUlZRXdUQ3IzU3dMOVU4c2hH +YlpTMHdBZkxKcWJrMjBRCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBaZ0RPdUhTV29y +QXN5N04vU2gwc0VEdzUyNDdBMU55VHZmK2Fjc0N1bTFvClRDY0hoRDRsd3ZSSlVr +RlJHR2VHbGxZYlRKK0hkV2lYWXFMUEM2UzZYUW8KLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIFBqUlZoWW9oMWtoM00yU2oybzNuTXFvYXJjS3I0MHpFN3owUWZtQWdrRWcK +S0RGOU9jUFJxY0ZmWFJmaU9GaFNjNjhSZk84MFRmcE12SjliSmpEMWpFcwotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgZ3A0NUtnS0JMN1dINStSOUlNSitxWWZRaEk1Qld0 +aXp1V3Z3dVM1TUcxcwo1cENLMTNiSlJkeHNNamQyMGFvQ3FWNHBJYVVNSzhVdE9P +MkZVWnJmeWI4Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBObzFBR1pKbTdpVlIvMWpa +bWlxd2Uwb01KYkZtMmhXRmZCRlgySW82bERNCk9kaDlRV0JxRDRvdTlxWU1xM1hF +YUtnL2lKQTQ5T0dFdEEvT2hTaXdmbVEKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIC8w +d1hwSEw0Rkg1RE10Nm9oUlk5a1hKS1dJdGNyTHV3anhtcU9Ob0EwWG8KNXNHeWxp +Q296SjRsR1lSQmpDU1JCbngrVWQ1M2NNOGhLdkQ5REQ5dkFiUQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgM1FWOGVtdzVERTl1dXpzYndmbGd2c0w0a1phczlaZy9wSzZw +Z20wZFpXTQp2azFzbkVDeWR3eFFhZTloRFlhK3c1Z01vaXdGYkVBNit0QWErRVNL +MWdRCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBmMG0wRHJDVzJBU1ZoRFRzdlRvOWZi +TDM0VWpKcUY4V3EyTzlBbWZlOWlZCmI3VHlqYitMODE1LzUvWkhoODl1WVVCM3hl +YWg2WWFlUUhkQ0lvbXovVTQKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHJON3RGNDYy +Sk82TnNwUHhOYVE0WGoxTFdIUXAwSlROMkl6YWVEYk5tMkUKd3M3VzA4dWVoVVZH +VW9zcHd5cEtadUJMWTJacFhkcUkwNDcyT2xHNUxBOAotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgbGdIakg4b1JzMkgybmpScFE4bmFreTF6ck9aM0hXbm1nYXl1V09CUVBq +OApLaGJHdEpjUEdjNVJEQXZvOUVxcllEckxmWVdCVkJPeXFDVnQ1cFI3cEE0Ci0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSB0NXNaZEtyQk1SMm93b2t6OGp1OHRUWXZwdWpa +Z21sVlJ0QmM3bW55MUdnCnZCRlVCdWRqN0hIVHRIWVBIYUdvTGYzWUxpRHY4WVZ6 +MFlXcUk5anlrMGcKLT4gc3NoLWVkMjU1MTkga0hrMmdBIG5TTllCeWJtUkpTbVpQ +NzF4S1lIWk41aHR1Skw3ZDJxSnBhZ2NHNTdra1kKRW8yeit2SDA2S2xCU1pueHlY +NXo5WVIxaDBiS3dFMURkbnBQM3M5V09hQQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +K1pUM1pkWDIrd3djSThuNVFrTlBQQ2pOa0ZIRHRLZERnV2xkRitWNXBHNAozZjZs +MXhvUWM0elJkdEw3MlcvU2xBUXU5VThMVFB5NUZmTnhsVDBncVBBCi0+IHFjeUMt +Z3JlYXNlIGU3KmRuajM7IDZWCjJ0TWVnSmZRYy9aK3RSNWludGI4emdrSU9KV1dw +OUtYK3NUZldNcFZid2ZZMzRPZlFKRCtZbitPZ3hMV3FZaDAKdjJjeEVWUjc4Q1pk +L2tuSUZ0cVFDQ1YzOWxHdWVoT1hZQ2IyNW5XMEJ1UmJDckdTTzY2TnZmNGIwRy9H +S3JWbQoKLS0tIHVNQTFWNkhLMlVMMCtPU1plSVVBQ0FtZGlKNktSbXJKMjlsaVJx +L2RkNmMKL4QzBzzSOYmRx+8QC3YrvNX3hbfvPPP5gp2kfFK0clqTId3/UZu4qkOt +jUlhRTRWqv+ggJAHjyBCIPQP3BgHb6EDH0B2+ZaE/fXepvIaPnvInIoc+W7Dr8wA +JqgeDOtBWwuKKonGvPcATT3URZ8i5oGGHbyYGyQmeDjw7XdOQU78n8/sgm9bvOPK +woEE1G5tBvOXPWZXxgIlb01J/1LxLhmk7mmB5hyGgzG1kXyDHxcNmSytWNLe/6ly +v9mZSXAT97PPLJJcdwzd57tDav7yXXiNq8Wg5jxZR+YtyhmDX5BHcw/0nJr6CU0R +8bAsraBf1+zUoGYG0XKnqSCCb0Ky8rZYtG+KlN/aFRJ4T2RgLVIzncRvzL3evOa1 +52POfhB26YyMdV2kQ82V5UJXEFHkjdjwixp7n5jxg3MKxZlCumyPCuUe11W9tRtV +UQPNxdhgOH8GZAm8m6JxECtJ3Xx3XpGG5nZSLPCDoIQnetqShb1vyc06AQKMdUnP +FBXj0edHQE1DRQoVtcSq1+1v7CmLb4iR7yFGgbiuuRzyn2I2YNX6jxsn+u8z/roD +jvGrIE8= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2oracle.age b/common/secrets/secrets/nix2oracle.age new file mode 100644 index 0000000..a25f102 --- /dev/null +++ b/common/secrets/secrets/nix2oracle.age @@ -0,0 +1,49 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBrU045 +Mk9iL1AzbG5LK1dKZEtTK1BENmZqc2wzWTdhMU9lL0NscXpJQ1dZCm5VWTh4eCtK +QWhVRjU3c3NXOElYQVh5RUZUQy9jcVA1NG9EZEhpKzZLUEkKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIElhTGVrcnk5emJ0ME1hU2xXOTMyTEIxV1l0TVFrc3ppQjc1VTNU +TmJyaFUKVlJrSVhCcm4xbHhwWUx5TXhlbTBwNzBoN21hcU1hVVZHeTNibUVSZXB6 +VQotPiBzc2gtZWQyNTUxOSBTcENqQlEgOFRvYXZFZjZJcXRsbUJUQ3U3Q3lLK3U4 +OEhiYWxqckMrZEszMXI1SStYOApzN3NCQ2U3TTkxVzB5dEUwWXA0dDMxblVEV3E3 +MXNXQVpKSURyV2ZmNDVZCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBJNUdKOGFDSHd5 +VDUrL3VSeEY3NWNoZlFWS3pvZnRBSjRIZEJnYzBSQ1h3CnpERHlkYXJsTCtUV2Y0 +RVN5NDB4UWF3Vm1pdzN0OHFuZ3ZRK0Fnd0V1cW8KLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIDU0aFQrN1pydWd0bkJLaE5KUTNyWU5Vak1tTlhKTDNHWHBJQ3ZSK0VNWFEK +UDkyTkFoSG5aL2tBTmxESWVpWXRpbWtTeEY1L0JZSmlEdVlRekN4ZmdxTQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgUXRLZjg3UStKMm9MNzFrcTVaVzhMR25DVk9oMGdP +UzErclNkQnhiRnNnawpRY01QWnhFQnFqT1AwcDIyeDZiaG4yeVBzaUptQ2RMeWxz +QkhyMDJnU3hrCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSArWjA3RVlZL2lyVjRFR2Zr +b1FIK2Y4dlhUejN5Nm42VWV3Nmp4cTB0T2dnCmNXZ0d0V2R0RnZHNGliZ0pwNkEv +a2Y4UHlmRnpOZ0dLZGIzTXJ0eWx0K00KLT4gc3NoLWVkMjU1MTkgRjRiYjhnIERw +MkNqci80MXZibkF0Rk02YjBqalhhMmUxelJubWdQMG9mZE9lRzhXbVkKeURhVlhU +bVZDd0l2bFlKVjBKYmZkdHk0OFFNNTM2YlNYWG1SS3pXS1V3NAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgdnQrOCtiYWJrU3lveStlRzJrYWE0SEVHUEsrcm4xa0ZZNTA0 +UTZ4dWFBZwo3M0QzZEpFV1BFdGh4RC9DZ1l2M1FRWEdzZUtjbnN4cFRveE9KWU5W +NVFNCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBSU1ZSd3Q3c1NWVUQyNTczMHBqMDVp +SUowUkhwTEMraWZZS1l4Nlk1eFJVClBjcVYyUndxdjM4ekIxOS90KzNHMXVPQ25Z +UlB1SW9BQzhyVHJnSU5TUG8KLT4gc3NoLWVkMjU1MTkgWmUxTXdRIDB0WkxkYjBF +cVBuVFpiUFhmcGxwNW9BWmRzTU10R0prMmZsVVk2TWR3V1EKTHdySU8xK21hMzJ0 +c2NOZ0NSdHUzSHpnVWE0WU1DZXFjSjBXbHhvd1JDZwotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgbGFyTzdIaWF2b0w4QlVVUVFyNnNSMklzVGNhM2Rka2FDNm16S0R0MTIx +SQo4bkQ1cWtEVURORTcyREtDdUVPM3p6aFQ4ZVBXNWpCcXhUS1lOcG5tTUFVCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBDenFma2swTUdNalVpalVRT3ZCU2NyMlBOb2o0 +V0tCQ1gycmRoek5oMFVnCmNCRUlxU0F0ZmZyOXFLY0I2QXpuSTVqRUEvSHBHaHBF +SENVeDIxcU94Qk0KLT4gc3NoLWVkMjU1MTkga0hrMmdBIGRjYldMZndtVGRuMHIv +Q2RZNjlwVFkxS0xRQUpselRtS0l1MnNDLzhlR2cKSnF6MEdZRFhFOWtzUzlVZWEz +SlpHZzYySEpEVW5TOCtiZTJIYWdLL3dYYwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +bThlZVZ4Q2s1OEFWbGNqSHRIQUpxYUNEZzFzNE5qejVnTUs2djFOYjFHUQo1T2lP +aktEaGFOYkw4T3JsVmIvTGp2WVE1dkxSczgzcjNaZDllaHRyVU1jCi0+IGo8IWFS +RS1ncmVhc2UgNHtmWAp1dVJtdTRlMFROaHVzVGx4UkEwcGJycitqSTFvbVFFOWl2 +ZGZVWHFHMjUwTEljRnlDVUpMK0lBQ1Npc3VRMW1uCjRDVXRhdDRRRG93Ci0tLSBa +U2JtM1c4dDd4OHBwK21jNXNqTFdDQ08xTXdWS2xLbjc3dllsUDE4MUpnCheeS5Ao +jdiBXm9dtTEcTgilutkhBaP6NL2MI7TCkratQvinVxVFc3A2XXGD1Dp+/YGhHMx9 +x0l5flisRyCK3Xz8WJWbVi1VZ6DuGaossLHxfIeVWQhzGGlX/4Xu2Ly26BpTDLmi +OpZ4WLHy3kMmt7VOon1xQmlZv7NBj4R4/u7QdPnIt60BwoDF6dGUEVBk/AcRnF2P +23fA0ZlpmSCRCfyMwgdo7TXMq72w/VL4y50y0H1lgexGwsgtOwWsj0HeOxwleSCS +3vHozKZd61AF898IIJh8/YW/A2AQkD0V+BN5Yn9A5PpN7HEQ2cQtsU2KB2LY7Ws8 +/l2diGyNu8V7CmONQh5Rjg5ON0Vj4xMpmsSQO9VyGzwVzkwXPpYadLYF82xP20UR +IieybEz/3n6ihpDPJ3aJ6JN31lZJnCmFkQ2sgvizuxwQnIpuN5nVav8laq4Xjm04 +55r37ZJG4SQUzOMjYdnViq6B/LMslVf3B80vMKXlm/lc8cXXQ5ZErcKJs7WsKD10 +GsAE+kvrxpwBDykMNwluExFxYACp1a+1bZZuzdRITMEstbWQgBK36s/e +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2oren.age b/common/secrets/secrets/nix2oren.age new file mode 100644 index 0000000..a4d820f --- /dev/null +++ b/common/secrets/secrets/nix2oren.age @@ -0,0 +1,49 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBpSGZS +bkFWQXAyazF5empVcGtuQ3NIQkpBK0RWWnI3WG9vOTdQMW9SNlh3Ck94MlNBSjRS +NTA3ZjAzZXJtTk5WaTFUd0VYWFFseUVTOFF2aUFmaUtCbU0KLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIFZHS0Mvd2NUSHk0TnRFSWhmTk5VSm9LSnI4cE80OXpYMzJKbzV3 +UDdtZ2cKeTlsTGhmazNycElZLzN3R1FZcWdpK1Z4SGRPbGNKcjJzTnlXZFBJSTJl +UQotPiBzc2gtZWQyNTUxOSBTcENqQlEga09qRnptd0dqN1ByU2JZL1JuMTVJNlNY +eGYvRG96RXhtZFhxN2lpbWZXOApTYnNOYUkxWmMwZjlOMHJzZjdkajJHTHprbXlV +aUFZOWtOT2dMY3MzYWFVCi0+IHNzaC1lZDI1NTE5IEJZS0crdyA2bnBFcnE5T2Jh +bmc2dmRQRUdDL0crYXl3ZTI1RkFDSkw5N3VxT2k0Z0dJCkpsdnFjN2xQeXBnQmVx +RlhTd3hudUNyMzQ4WlN1SGZvRldNNlBFV0ZlaTAKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIExzZGsvbmQ5NWRHdi9iSmVxVG0zbHg3T2V1NGFqREg1V0YyS2Y2bVNsaTAK +UUNicjhwajgvckxIblMzNk9HUDhLNTFBSmpMdzN4VkpoVjMybWVIc2hpZwotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgNnJiMnVQcUd6aUVzblZMN3cwM3VoZXZRd2xaRlgr +SmpqYm52OXozZnZodwpKMFdsMVl2Zm9qNkIzOU1MM2dmWGRJTFd3bzMwWTVBdDNP +L05HUEpxRktFCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBUbW5pRVFHaUFlQ2JKZEEw +RDJxUVhiRUxxMGNkczgzUGlBVmtiTDQ0RG1JCnhjZVdlcW1LYkZyOXBqSithVXI5 +YytEYmltaFdLYkl1Uy9IV0xTcVR2YlEKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIE4r +ZC91UURXRHFUWEM2OTJMWjRuUTBDUzZyZjR0MTdlMGJ5NHBBV2lBbDgKcEN0dXln +Z292L25SejhhVjAwdEthdTkrSVo1NzloSWlpQm5IeEgyeVQrbwotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgTFpMWnlXY1czQWpIdFl6SXpHeHg1K3hEeTBYdUxnREFmL2RF +NUhFRENpWQo4ZUswdFVMZXdnMGE3ODZTRFdOc2hBdzVMQllvczMvZk04QnRoWDVI +ME1jCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBUejNUVWEvWm8zSVFSRkFpQ2tIM3Vs +UFdTVlBhR3dIL2x4aDZvNUJWd0JVCldXQjRVY0g4KzRhTVRYdzZoRWZPbGlPSDA3 +cUhNTVJVZmpLTmxwN1UwN1kKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHJTb3dMQUpW +b1htTm1JQlV2TDBXcGk5RzR2ay9JZ2NwSXpWUFlNeW1PVWMKTjV0S2JSd0dhTm02 +VzFzOUZmbXk4d2RweDRtREppZ2NaUmdXZXFQT2xPZwotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgYTlGK3NsUUpJeW51SXFSaWRZMktZY1JVSWR1RHdxMkVCZ3JpOG5VeThI +VQpmL2pER3pkVVpRMG4yUkpoNmZCb2NzMjBqcm9mWUtpd2JYVE9PR1N4S29zCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBqcjhlR0ZQK1V0eFJINm1uUzRRTzBJZ2xnUk5S +b1BzTUVJdmoyWkVNNVVnCkZZM21DRkR3eDdWSHRtNTQ1WFF5K0hxMk1vMmd1MUJK +ejl2dW1keFhuWHcKLT4gc3NoLWVkMjU1MTkga0hrMmdBIEpTM2NuU2RFVUJVcDB5 +REI4VE9LQzk5UEJVZEE3NTliNGRlVDhQSHZobWsKVlQwWU52cGErRHlMSUs5SllW +YWZtZWI5SXJoSFk4UGxHVFFqOHJqQjhaYwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +MFAxUXVaZXM3ckZHbWxhY090T1UzaTZpQTRqZXMvaG5VYTl4U2ZYRThEdwpNa25V +cXp5Wk5WOEdjdGFWck5Qc1hjRitRMWdXd09CVGc3RDhxSVhlZkFZCi0+IDUxdmZm +LWdyZWFzZSAqcik9QzxMXSB+UTsgX0hDCmxiUXF0YnRnamt1RC9IaDRkYnFsSHYx +QkhRUU40TkI3MVFVSlN6WDJVY05KNDN3cGg3R0lVSDk4WGNQM2NFMEIKcncKLS0t +IE12R3FidXBvMFlMSkl3MkJleHgwOXB3Y1BhaGs4QlBPaTY3aTZBSUtwYW8KBn0h +p0tQ4FYu7/wPAIJc1Ful9XEfvky2NA1q4xI/gtfeaXvUY1tS5IeVkTQwfEsb6uCa +2m/MRGsWSmfBYHPzBtl/eHNODZ7EHECHjVpq/i0BLOH5a/GJ1lAImY8MDT/1dd6S +iqJPUTOWgH+mczo6BMsQBBmfg987oI/WRMeMAr0xZeFbunSw8yglLbopkFY1sv0V +OgBBUFj06tBhYBivB42fmaFSO/bTYkwD6FSzCfUGSG0p8PPaMIPPF1MU9xtgjW5A +PkN3OGeTDrDJ6AnVjTY64nzSEwILPRoSKXfErEX7Q3oEzSgIdzCVKUqt+Z9S8do1 +Huc3JOc7ZxxotGr9AHPPGYxT6hgkxxQOIrw6W03wnj6oS2XsFoU3X7uATZP5hc8o +p2W0knCKHPjqxb0cCZORSdae3FOQpF3RY3hFOIHTHqR3dfl//D/OdW+9+qZx47JW +hoXDNmdrBjUXW6t/i/rRhcoocomUxo/rLbxdE+/JP86Yg0pb0fPEP6zCMHJusuHo +EojSeWMeRHZ+cF61ee1+8cHGrvXcShJ7uicIXRTFdbdclfM10to7cijub+U= +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/nix2t.age b/common/secrets/secrets/nix2t.age new file mode 100644 index 0000000..843600e --- /dev/null +++ b/common/secrets/secrets/nix2t.age @@ -0,0 +1,49 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBVUy9q +SDc5SjNYT3djMmVnbmZrSkpDQlQ5VmJQZlFzaUhJS1hja3R0bEV3CnMvK2NKd05q +OUltdUUzWlFUZkhMa3c1UkdaVm1aQlk3MmtGalFsV1dRWkEKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIEh1VWxrNnZoN0tabE85NTJuUFVmTGw0c09IVWI1Q3Ird3BWb0p1 +ZSt4eVEKWWlFMzc2SzVwRE5CNVk1N3haRW9UTGpMdjk2d2cxa3BQOUFrSTk1MmtW +OAotPiBzc2gtZWQyNTUxOSBTcENqQlEgVHRUTnhwckpoVEFpMUxWbk1yekRDTzA1 +WWZvSXpDZWxEaCtDVHNKVENpMApncXZIY3ZFbHJxY3VkTGVsclBTQ09jaWxRdDdO +VEsxdmFKYWNEdkUvT29FCi0+IHNzaC1lZDI1NTE5IEJZS0crdyA2ZUhRa3o1V20r +a2tQNmQrYk9wemFhNytRY3FuOTFmMmRad0FNNXExWEQwCmp1RjFDS0xwSGtHQUUy +RDlWVVdxWjhvRGVEeHo4TEdzT1JSRmIxcDgrZU0KLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIDZYYXVwaWdrTTBKYlZhQk9STGNPV3ZqeW5yZDVpcFUxSTVsNW9JcXF6eTAK +VEk2Skk3bFdtWEhoaDllYjloQkcyT2tUaTFtdHYvcFQyalpuaTFac29FWQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgS1I0NWdPY3ZSU2xENDFFeEVtNVU4dkdGRVVkUWYw +bjhYWlNXMm9jU0UwdwpPQU5KMTVuODVhUzFxWnIzclhCU05mMnU0R3FtanVxK0xn +VFFJSTFvWHA0Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBhSStkek51ZWQ4a1dVaG9w +TFN3Vm5oMUwraUx3MFR4bXVnenpPNE0xVmdjCjhORitCVU9nRWpQNERDMElBZk94 +a09LMHFhM2V1dDZvamltUnY4TENqYnMKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHVP +SCtCUWc1N3E5Zzd3aHllS0owQ2d3anhSYnRFOWh4SlgyOG5ZWFlJbEkKNHVzMjZD +T3QvYXZPaTU1SDNCTnNFNlRtRFpSZy9wQ1F6WkNxNUg2bCtDVQotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgYVdKNk41MGxMMXl6SkNWVmdsREhTeFJ6RTJzdkxTcWhtY3NT +bXYzTnRnZwpnaXBHKzNYYzNDd0ErbDhBNEVOZ1FWcFJZT09TY3FBanZIRU9nTldu +L293Ci0+IHNzaC1lZDI1NTE5IDVhZHFNZyBWSUFiQjBLVjVjdUdIdUR2b1Q3LzJJ +c01VMS8yZWJxQkN5bXVuNjhXUkFzClpuT2k5aFFWQjNsNjlNSHc0Q2xZWFdDeGxY +V2ZBNDNYN3lsZlFrTUkvNmMKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIDBrYkk1akZE +NFc0UUsrV1RlbW02NU9ZTlcyRGRMUGVmOWtwOW9VaXY4U1UKeklYZUdtci8xYzg5 +Rnc0V1M4QktScUVwSG1JcnprT2pMdDJWYVJmVTdDcwotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgQzdTcmtaZER3Zk40OVFpRU9pTDhqTHBFWTA4SS9NY0g1RE10ejJtdjlU +RQptZ3FQMmNnYzBEc3BpUDdNYTg4U3U1SFhDb05KdnIzV0VzT3pXT1psOVE0Ci0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBzRko3NGlWUmpDb1U0WXpKN0lraDYzTWlIYTFj +OStWa2NzMEQvNzN0UlFRCk1LeUZSVFdPa3NpY2M1eUIxRHhqV1BFNlpjN2Ntb2Rq +dkFveVdxRFpod2MKLT4gc3NoLWVkMjU1MTkga0hrMmdBIEEzOTVLTzg3d0ZYaTgz +TXdJYkZlcVVqQm5KaXVDaEZlbWw5OU1jNkw0eFEKVjZra3dac0NUQ2pBZnRFMGND +Qm8wbkdVQytxQnpGSzNjSjJtVTk2dEhSSQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +UVpVWHV2OWdWYnhydTJZODRzVEdWQVhFODFQWFVVSWw5NWJocXduY2hDMApnUDNM +UXkxL2NTQWVVeUdkeHdHbnE4cFJXMExLK0IxWUxlQlBFVlllOWVZCi0+ICozLWdy +ZWFzZSBgS1gtOiBuK18KbThIa1FGM25sc0o1UU1yWlFoY20vNS9oRGdpQmQxWXBr +cnVwaHd1cDgwdGpGQkQrREs4dwotLS0gUHRYWjF4OUV4NVhESlo3LytqdzVOTHNU +Z1ROdmJ4SHkyZGhzQlJXeWw4MApz+OC1nGrL+AgkWWYC3bYmEZ4WE7wUiBGSQjuu +MFlv1EBOveOzJ9eKKdR+zOl0Zo+pL6TrUUju6iaIvPd16x8NBiiDGmiAkpM9qcQv +CG/KFcP5kq5Ddx9rGqvOTn8YTk7Se10BmBEduERWtSuv6yEngrAJzF1QaeBM2PXH ++TxPlblCbiE3g9Dk6c+0S74izVAz+1cD8Lwx7n/7DX6gHtIoSMIDi38mfy9baZdl +Zcaw8Nr/wgBT61U2ywXGc9h50Jec1zUXfBEdLZQCFNpnZjntxh+obvdM43HJzRkz +sF9UXXWrvQrP21xxxa1wYy2UNANAHqMegUVNIZZfncF0lnA38sJDX8nsYKaIsnce +CnacNDrf2gpZkk6Ml5Pjcc85B1dE3DOrogg/Dq84c+JtN9r5N3mrzBHeg4xc8dOX +GGq1+9a4w/w2CvvoRbFXxSxo7a/B73oeNggsHCcZ+o2CG/eR1mDNznU6XSW/1dMg +FnEBJB4vAG/fejLMHHWNb4bfa89Oba7wN2oHKm41cf+JWHJ0/Thn1k6DzcWRoHtc +kJS1Zr8mQw== +-----END AGE ENCRYPTED FILE----- diff --git a/flakes/secrets/obsidian_sync_env.age b/common/secrets/secrets/obsidian_sync_env.age similarity index 100% rename from flakes/secrets/obsidian_sync_env.age rename to common/secrets/secrets/obsidian_sync_env.age diff --git a/common/secrets/secrets/openwebui_env.age b/common/secrets/secrets/openwebui_env.age new file mode 100644 index 0000000..66eee18 --- /dev/null +++ b/common/secrets/secrets/openwebui_env.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBORVRn +WmpIQStaRnV3QU9wMStQWHJMTklhb21nM3YyRE1xdWNxcWZEelRnCnZvckQ1K0hE +UkNyZGIvTFhpU1JtcXgzTy9QK2hhV2JYcm9nczJSbXgyS1kKLT4gc3NoLWVkMjU1 +MTkgcGVGQlFnIFU4QndCcjhFbG05M1prbGkwcFlYWU1WT1NkU3ZCZ09SQm9sMERC +OGZnMGMKbnBqNzd2dnBQT3R2YXBraEZKVFBJeHJXU1RhOWwwNHdGbC95TzhDM1g4 +MAotPiBzc2gtZWQyNTUxOSA5di8ySEEgOGdMRXZ4cnd0VFdxNlBHYlI0S2pCTkZo +dGtnUm4vaGFQanpKMFRjVjdHSQo1aStST0hFdkR4T0syekFZZXM1b1JBbXV4bFB0 +RVIyRG0raEZDVmt3L3owCi0+IGxLPUBZOS1ncmVhc2UgOyAqIH06U1EgQCRXdn1K +CnpSdjUwaDI1eWE3ckNBCi0tLSB2ZTJVTHphZVhBQndhUU1GZTYvYlFMT3h6cVRE +SzBoK2sySStmWm9SSnU4CjTkglKu9/CMRrbdagHF1uNxTOBSthOhyAgfcHLXHwXe +dtZiEnev479tMoIo2OXi5ODZpz1LTCkBMO0yRY6JlmNVlwpByNJkyij5bwXbUiPy +Mk9airOI/s5fIEIStb6ei8TMgy68trToK8JUmBtK8JzL9fkJDET9YyQh8N3BTUMR +8M2cUXX1qFjP7dyRDOQiq3LQEKpywUIuGNASDw== +-----END AGE ENCRYPTED FILE----- diff --git a/flakes/secrets/secrets.nix b/common/secrets/secrets/secrets.nix similarity index 96% rename from flakes/secrets/secrets.nix rename to common/secrets/secrets/secrets.nix index 4a1cfa9..b402367 100644 --- a/flakes/secrets/secrets.nix +++ b/common/secrets/secrets/secrets.nix @@ -115,24 +115,21 @@ in publicKeys = trustedKeys; }; "headscale_auth.age" = { - publicKeys = trustedKeys ++ o001; + publicKeys = trustedKeys; }; + # "obsidian_sync_env.age" = { + # publicKeys = trustedKeys; + # }; "us_chi_wg.age" = { publicKeys = trustedKeys; }; "zitadel_master_key.age" = { publicKeys = authorityKey ++ h001; }; - "oauth2_proxy_key_file.age" = { - publicKeys = authorityKey ++ h001; - }; "openwebui_env.age" = { publicKeys = authorityKey ++ h001; }; "vaultwarden_env.age" = { publicKeys = authorityKey ++ o001; }; - "linode_rw_domains.age" = { - publicKeys = trustedKeys; - }; } diff --git a/common/secrets/secrets/us_chi_wg.age b/common/secrets/secrets/us_chi_wg.age new file mode 100644 index 0000000..94a440b --- /dev/null +++ b/common/secrets/secrets/us_chi_wg.age @@ -0,0 +1,46 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBFazhx +VVN3VXgrWXdWZzNwOHdIVzZSSTlRa2lEYjhXRzlCWXZhMmQ2QXdzCms5MmpGZ0hW +c3JYM25mNWliNHlxNG14ZHppcWU3QmhxVHVwS0QwaWNaN0kKLT4gc3NoLWVkMjU1 +MTkgSmh2TCtRIE5Cd0M1S0ZCWTVXZ2lLR3NzV2lTb3dubHRyQmlsMDF2TFZLM1B2 +bnBMaGMKSE9ad3BrSEF1T0g2bkN5SjAxOEdjSytIWGxSN0t4ZDlQSkpVRzE5ellm +QQotPiBzc2gtZWQyNTUxOSBTcENqQlEgYllQVWlYUnZ2cjJ5N0t2WFJWMG5ReG03 +V3pkSzFEK2syRzd5R0NyVFdEdwpNODJLenpIZVByL0hPSEFFbG1FVnBpeU1relhl +R1dpamwwV1JoWG9CNmprCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBFTSt3Z2UrQStY +Vk5LeXFETkdmeXdGSVcwTlA4bzJKK2poZFNUL1Qvb1NFClpIUHVWV3Q0RTViRzBI +aG5QTTZCazUralExS0NRUWF0cVNZTlZIaC9mQ0kKLT4gc3NoLWVkMjU1MTkgWHpm +bWFRIDF4Z1RmZkJrblIrQ1NqU0hDNWpPYS9sUUJJTWFQOGNJejduTkdLbFBJQ2MK +b3hXd09EaGNPaUQ5ZnIyNHlpK2hSWm5WV0lERm5xcWQxa3hGaDVTRzFYVQotPiBz +c2gtZWQyNTUxOSBSNSt4ZncgY09RbXM3WmlDMVVRMTdKRjN6aktFY20zNjJmMFBY +ajQ1VjRwQXVqRkN6WQpiaDdRNmtBUy8xMksyQld5bTMzTXlMVnhQQzU2a1RQdE5z +dGhpWWxXRThNCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBTQzhUY01rOFlCV1ZQbGhJ +dGFTK00wZnNyRGVYNjQ5T3dtZENDSHpycUdzCjNZNVd5dWkrWG9lMWdhZVJQUE4w +SHl4dmpwU25PSDZWVkZUTjZtWmNhSjgKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIEFH +WmNFL1ZYazFZNVB0R1JYTFpBNk50U0VWazBhOGh2SDhHdGlwRWdSeHMKemUwNXN0 +aEdMdGJVZmdpWFN2Zm1BT2wrQzFBR0hIUi85ZHFSSVd3NklXMAotPiBzc2gtZWQy +NTUxOSB3ZHJaSkEgejVkVURQd3hrQ2pyMU9MVG9VTG9VZmtKbmtDZHU0RjdHM2lz +c2VTTy9FYwpUZTBkaU1rQmsxaWRzTjhvdis2VUZJV09Vb3g2VTNNVHN0Z1llazRL +U0VBCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBrRXNWcHk2akc1bVZBbitQcUlLYU5B +cmRnSWM2dkVKU1p3dk1ueUo0bUc0CmEzdjF0dUgrOXhETWRDaGlDQU4zTWxXNXBS +TUs4V3U5VWNNczNTVDNLb00KLT4gc3NoLWVkMjU1MTkgWmUxTXdRIERULzFFSERl +b2ZNa2tzSDhZbDVJb0RndDFBRzlBc2dxcWJMcmcrMFJUaDQKY25kejI4VDVrYkUx +OWo2M0hLRFBLNi9HeXc1elVVTTY5Q094RFUxQUlTUQotPiBzc2gtZWQyNTUxOSBw +ZUZCUWcgTlpTeVFPOUFMc0hNNkZJZGxJSVltS0JEVnFoRWNBWGpLUVNwR1pPZXlT +YwpUTjJPak8xTWtlUEdFNDZhMVBxWE5xMGZlUFFmQlpkWkh5UDdqeW1SeHlRCi0+ +IHNzaC1lZDI1NTE5IDl2LzJIQSBZVWtxQWNwcDdxMUdtSVNzT3hkNjMvVXUzd1Vp +bXp2YTVOOGFyMDJPV0dzClhkZXNpbGVLUGV4SE5CSDIzYTNRRkg0ZXh0MEdDNnhz +aEtReUJES3ZsbWsKLT4gc3NoLWVkMjU1MTkga0hrMmdBIE1iRkpLbzJnZFVObkNQ +SzI5K3krcjJvMDNhRXduWFhXd2RWUDBTdWpVaHMKMnFlRGFsSnlTMStZbnhYeG5U +Yng1TXZOTSswc1FXY00wSTErUzNDTzhvawotPiBzc2gtZWQyNTUxOSBJb3NBQlEg +QVFhZlJhRjNsdndHa0RPaVJoYUMrNTRoY29iUWNXdXJvS0hBb3VMU0oydwp0dmdo +amFxNGJnanRCREt3ZFhld0M4UFk1WmM2RmJmVTY4b0g0RkJXYnJVCi0+IGgnMTZv +d2dGLWdyZWFzZSBQMkEKbThTYkxNa3YwK2xXbUhxb2RqQnd6UUl6a0JVcnVPR050 +ZFZCNmpjCi0tLSA0QVdjZEIrOWhUaVpHNytqY0h3eExLVWc0djlDRWtQVEZuWHM5 +YlVydnljCo/0r5CGdm/VW7wxgZhkhisHJbstH3r3YrghiSORsBwxX+GaKIziS1ns +MyRg6TWoWjIUe4epfGzqton35ekvrXWxGlLCuIkQgY1frgPTE4kZdm/T1pqzZpQ0 +4vZkl7nVd4k9oayv2LfpN8loG8npcwLfSKeVFCEooTOs+M3eH+wCEUd4r+TjfG3D +ZT2eAX9HethENX4GQxN+RQagyWOlnZVpf6QYnwg/bzRGtRSDLVYqmLJd5BbOrON7 +XN65I5DX2kBGtB3Y3F15hHjGxHFyded4bO9w/SF+jOM+yGnTnTQ1G7FSw0T8dwWo +7laPDx5WSM1zop0jLJ5iyZjNWJJt/j8t9FBGdqxtPUxP4jPVTTEiYJbtTauZtRUN +rc3UbQvDJTArGbwAQsTlYuMd59oIy2+cgpYHyhW2cPixL/VHxRYupNWj8g== +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/vaultwarden_env.age b/common/secrets/secrets/vaultwarden_env.age new file mode 100644 index 0000000..083ba6c --- /dev/null +++ b/common/secrets/secrets/vaultwarden_env.age @@ -0,0 +1,20 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBMZ0VT +QWNCOUNSZ3ZPcmFFcXMvZkFqMVkxV1dRSDNLOTFzUExoc0F3dENFCldFZHdNSDdm +ZUR2eC94Y0cyRWJnTTRnSTlTRUlUSHlLS09IS2ZwZmVhOU0KLT4gc3NoLWVkMjU1 +MTkgc2EwSmpnIGlNaHFLQ0tZeFFLR1ZPZnpCbHEzdlZXWUxjWFNmMUdMVjdQUHlJ +cTJUVkEKcERQMVNNcmxQekUra2tUNUhyVTAxVThSb3RPRFBOOWMwRlFqUnRQQm13 +RQotPiAiXzVSX3wtZ3JlYXNlICpQMQpHUk5aSHJPRnNjQVR4Y2Q2TkhzU01SWWhh +TjBpb1JXbVFwSUxlT1BObEg0N2syNUJjUlc2TVJueVlyTXJRckQwCnhNOUZIVlVh +UG96d0pibVJsdmdNekJFUHg0NXFpa1JSd2lBdzN2S2JxenVMNVpWQ2hxRXlWUjFy +TWcKLS0tIG1QMHV3VW5VM25QVW80aUZOeEpTNG1qYksvQnE5emhBdzBuM2VMZE5n +VTQK6avsHayBgGGdjkwRORdaAz8mwLcxvI3YCMYwXjXCvJmIvlQerUEkDOU9D8sL +I+aSD5YCoHoJ5FsIOox5WWYEVcPxR/y1G2m3pAhZh1ner0Ckw29gsjdmckNwtSSr +tTrSve34ZEij1O7gfO30hW+Kd4579QWH/diFTrP88DjopqsaTWyh+A5A3WP6NxhJ +U0uL5RIPPGCMs0peqZG1Y44KRlt79hKELop4CwyF/06a3Oxuze5vifGl7+mogq0A +Xp3NgWR5AM2Fu+NfEQDUHU1R/CpyY6+VcTZWi8iu0/XfEiIQ4n5JSYNtd3ZL0ldL +WRoNdpA04IiCWM7fnRdDRVRGw9bDJ840oeBiSvbRqIt+uykEndEzKCxXh/jWvP+X +tBj05Rt2Qj3xAsq7yzsvK7vzacjV8fU2kNpxDvhVLQO8TBI5z7Sofu4Cy2fFY1F7 +J7JABO+kciZ23gdEofrHusv3oZvu2eQ5PO1FXCSsZzalum2cWWou11QDi3Vt65kN +wjleyKCDx4a68n7IoS2GOCpDw/G0ACmHrTSnztaO +-----END AGE ENCRYPTED FILE----- diff --git a/common/secrets/secrets/zitadel_master_key.age b/common/secrets/secrets/zitadel_master_key.age new file mode 100644 index 0000000..3b07b55 --- /dev/null +++ b/common/secrets/secrets/zitadel_master_key.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USAyWGFw +bUJNQkwvcjRKUWU5WWozTWZHb21IdDNlT0VwK21LQ2FZNEJWWWxJCjBBUDV4MkRt +Y3F5TWVMN0xLMjBibkJMcmUwdEwxM2pONUlLSU1EOXV5dXMKLT4gc3NoLWVkMjU1 +MTkgcGVGQlFnIGJPcEx2TnFZZjVicDlYaVdwRmJHSnIvZlpRNkx5RG8zVmZTaTFq +bmkwM1kKK0o3ZVViNnBjS2NZbFV4TERBczJNQWxtWU1IYTNoL1EzQlNxWHhFNDZL +TQotPiBzc2gtZWQyNTUxOSA5di8ySEEgZm5nYXdJMElxVTE4TnVnY0xSVFVtMXFs +NTNobnI1MjdMNDhWRmpkL1BnSQpXRHcwSVVCajFhQlp4N2J5VGhKc3E2eHpYZmd6 +TlU2MXdtdmNrSUJpZjFFCi0+IG5wImA0LWdyZWFzZQpuSHRTckxXVTd4eTFETWE4 +MEQ0QXNaTzhSTmFOdjI5Vyt1bDVRU1k5dExiUVk3bEdCeGN2UFV4Y3RTR1MvalNn +CkhHWFF4TGtPcktieDZnQTRkdk9ndnllU05zSVlMOWh0R1ZncUlWNy9WZURiCi0t +LSAxdW84VUg5d21jT2hrNEJ0NlBES1NRRjU4b05JQW80dk9IL29LZGlST0FjCnt8 +t+yvFWU0LlFGAWmLc9i4XFUpexZf8rC2bfw3FkNPuCzAyvbowhBJnGkqK+2C+mtL +za43EsGaLvA5s8ObhLw= +-----END AGE ENCRYPTED FILE----- diff --git a/common/users/default.nix b/common/users/default.nix new file mode 100644 index 0000000..8561d8d --- /dev/null +++ b/common/users/default.nix @@ -0,0 +1,56 @@ +{ + config, + lib, + ... +}: +let + ccfg = import ../config.nix; + cfg_path = [ + ccfg.custom_config_key + "users" + ]; + cfg = lib.attrsets.getAttrFromPath cfg_path config; + top_cfg = config.${ccfg.custom_config_key}; +in +{ + options = + { } + // lib.attrsets.setAttrByPath cfg_path { + admins = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + example = [ "josh" ]; + description = '' + List of users to be added to the system. + ''; + }; + primary = lib.mkOption { + type = lib.types.str; + default = lib.optionalString (cfg.admins != [ ] && cfg.admins != null) ( + builtins.elemAt cfg.admins 0 + ); + description = "The primary user of the system."; + }; + users = lib.mkOption { + type = lib.types.attrsOf lib.types.attrs; + default = { }; + description = "Normal users to configure (not for system users). Should match nix options of users.userser..*"; + }; + }; + config = { + users.users = lib.mapAttrs ( + name: userConfig: + userConfig + // { + inherit name; + isNormalUser = lib.mkIf (name != "root") true; + initialPassword = + if (lib.hasAttr "initialPassword" userConfig) then userConfig.initialPassword else "password1"; + extraGroups = + lib.optionals (builtins.elem name cfg.admins) [ "wheel" ] ++ (userConfig.extraGroups or [ ]); + } + ) cfg.users; + + programs.nh.flake = lib.mkIf (lib.hasAttr "primary" cfg) "/home/${cfg.primary}/.config/nixos-config/hosts/${top_cfg.systemName}"; + }; +} diff --git a/flake.lock b/flake.lock index c0c2de1..d32edcb 100644 --- a/flake.lock +++ b/flake.lock @@ -1,12 +1,165 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager_2", + "nixpkgs": [ + "ragenix", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "crane": { + "locked": { + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", + "owner": "ipetkov", + "repo": "crane", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "ragenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1758313341, + "narHash": "sha256-SsI6INUzWwPcRKRaxvi50RttnD9rcC4EjV+67TOEfrQ=", + "owner": "rycee", + "repo": "home-manager", + "rev": "6f656618ebc71ca82d93d306a8aecb2c5f6f2ab2", + "type": "github" + }, + "original": { + "owner": "rycee", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "ragenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nix-flatpak": { + "locked": { + "lastModified": 1739444422, + "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", + "owner": "gmodena", + "repo": "nix-flatpak", + "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", + "type": "github" + }, + "original": { + "owner": "gmodena", + "ref": "latest", + "repo": "nix-flatpak", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1753345091, + "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1758198701, + "narHash": "sha256-7To75JlpekfUmdkUZewnT6MoBANS0XVypW6kjUOXQwc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "0147c2f1d54b30b5dd6d4a8c8542e8d7edf93b5d", "type": "github" }, "original": { @@ -16,9 +169,101 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1741379970, + "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "ragenix": { + "inputs": { + "agenix": "agenix", + "crane": "crane", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1744897914, + "narHash": "sha256-GIVU92o2TZBnKQXTb76zpQbWR4zjU2rFqWKNIIpXnqA=", + "owner": "yaxitech", + "repo": "ragenix", + "rev": "40f2e17ecaeab4d78ec323e96a04548c0aaa5223", + "type": "github" + }, + "original": { + "owner": "yaxitech", + "repo": "ragenix", + "type": "github" + } + }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "home-manager": "home-manager", + "nix-flatpak": "nix-flatpak", + "nixpkgs": "nixpkgs_2", + "ragenix": "ragenix" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "ragenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741400194, + "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 1444a5b..8dab2ba 100644 --- a/flake.nix +++ b/flake.nix @@ -1,13 +1,23 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + + # Manually synced with common/flake.nix inputs + # ===== + home-manager.url = "github:rycee/home-manager/release-25.05"; + ragenix.url = "github:yaxitech/ragenix"; + nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest"; + # ====== }; outputs = { nixpkgs, + home-manager, + ragenix, + nix-flatpak, ... - }: + }@inputs: let # Utilities inherit (nixpkgs) lib; @@ -15,6 +25,8 @@ forAllSystems = lib.genAttrs lib.systems.flakeExposed; # Create a mapping from system to corresponding nixpkgs : https://nixos.wiki/wiki/Overlays#In_a_Nix_flake nixpkgsFor = forAllSystems (system: nixpkgs.legacyPackages.${system}); + + commonFlake = (import ./common/flake.nix).outputs inputs; in { devShells = forAllSystems ( @@ -56,5 +68,6 @@ }; } ); - }; + } + // commonFlake; } diff --git a/flakes/common/flake.nix b/flakes/common/flake.nix deleted file mode 100644 index 39470ef..0000000 --- a/flakes/common/flake.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - description = "Common NixOS configuration modules and Home Manager modules that require not other inputs beyond nixpkgs or home-manager itself. This is made by me for me and not designed to be general purpose for anyone else, but could be useful nontheless."; - inputs = { }; - outputs = - { - ... - }: - let - utils = import ./utils.nix; - in - with utils; - { - nixosModules = importAll ./nix_modules; - homeManagerModules = importAll ./hm_modules; - }; -} diff --git a/flakes/common/hm_modules/de_i3/default.nix b/flakes/common/hm_modules/de_i3/default.nix deleted file mode 100644 index 8274537..0000000 --- a/flakes/common/hm_modules/de_i3/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: -{ - imports = [ ./i3.nix ./polybar.nix ./theme.nix ]; -} - diff --git a/flakes/common/hm_modules/de_i3/i3.nix b/flakes/common/hm_modules/de_i3/i3.nix deleted file mode 100644 index e6fb2ef..0000000 --- a/flakes/common/hm_modules/de_i3/i3.nix +++ /dev/null @@ -1,94 +0,0 @@ -{ pkgs, ... }: -{ - xsession.enable = true; - xsession.windowManager.i3 = { - enable = true; - package = pkgs.i3; - extraConfig = '' - focus_follows_mouse no - default_border pixel 1 - default_floating_border pixel 1 - floating_modifier Mod4 - - # Dark mode colors - client.focused #2e3440 #4c566a #eceff4 #4c566a #2e3440 - client.unfocused #2e3440 #2e3440 #d8dee9 #2e3440 #2e3440 - client.focused_inactive #2e3440 #3b4252 #e5e9f0 #3b4252 #2e3440 - client.urgent #2e3440 #bf616a #eceff4 #bf616a #2e3440 - ''; - config = rec { - modifier = "Mod4"; - terminal = "kitty"; - menu = "rofi -show drun"; - - - focus.followMouse = false; - - gaps = { - inner = 2; - outer = 5; - smartBorders = "on"; - }; - - keybindings = { - "${modifier}+Return" = "exec ${terminal}"; - "${modifier}+space" = "exec pkill rofi || rofi -show drun"; - "${modifier}+q" = "kill"; - "${modifier}+shift+Escape" = "exit"; - "${modifier}+shift+q" = "exec i3lock"; - "${modifier}+f" = "floating toggle"; - - "${modifier}+h" = "focus left"; - "${modifier}+l" = "focus right"; - "${modifier}+k" = "focus up"; - "${modifier}+j" = "focus down"; - - "${modifier}+1" = "workspace number 1"; - "${modifier}+n" = "workspace number 1"; - "${modifier}+2" = "workspace number 2"; - "${modifier}+m" = "workspace number 2"; - "${modifier}+3" = "workspace number 3"; - "${modifier}+comma" = "workspace number 3"; - "${modifier}+4" = "workspace number 4"; - "${modifier}+period" = "workspace number 4"; - "${modifier}+5" = "workspace number 5"; - "${modifier}+slash" = "workspace number 5"; - "${modifier}+6" = "workspace number 6"; - "${modifier}+7" = "workspace number 7"; - "${modifier}+8" = "workspace number 8"; - "${modifier}+9" = "workspace number 9"; - "${modifier}+0" = "workspace number 10"; - - "${modifier}+shift+h" = "move left"; - "${modifier}+shift+l" = "move right"; - "${modifier}+shift+k" = "move up"; - "${modifier}+shift+j" = "move down"; - "${modifier}+shift+1" = "move container to workspace number 1"; - "${modifier}+shift+n" = "move container to workspace number 1"; - "${modifier}+shift+2" = "move container to workspace number 2"; - "${modifier}+shift+m" = "move container to workspace number 2"; - "${modifier}+shift+3" = "move container to workspace number 3"; - "${modifier}+shift+comma" = "move container to workspace number 3"; - "${modifier}+shift+4" = "move container to workspace number 4"; - "${modifier}+shift+period" = "move container to workspace number 4"; - "${modifier}+shift+5" = "move container to workspace number 5"; - "${modifier}+shift+slash" = "move container to workspace number 5"; - "${modifier}+shift+6" = "move container to workspace number 6"; - "${modifier}+shift+7" = "move container to workspace number 7"; - "${modifier}+shift+8" = "move container to workspace number 8"; - "${modifier}+shift+9" = "move container to workspace number 9"; - "${modifier}+shift+0" = "move container to workspace number 10"; - - "${modifier}+Left" = "resize shrink width 10 px or 10 ppt"; - "${modifier}+Down" = "resize shrink height 10 px or 10 ppt"; - "${modifier}+Up" = "resize grow height 10 px or 10 ppt"; - "${modifier}+Right" = "resize grow width 10 px or 10 ppt"; - - "Print" = "exec sh -c 'maim -s | xclip -selection clipboard -t image/png'"; - }; - - bars = [ ]; - startup = [ ]; - }; - }; -} diff --git a/flakes/common/hm_modules/de_i3/polybar.nix b/flakes/common/hm_modules/de_i3/polybar.nix deleted file mode 100644 index e19f86b..0000000 --- a/flakes/common/hm_modules/de_i3/polybar.nix +++ /dev/null @@ -1,306 +0,0 @@ -{ lib, pkgs, ... }: -let - mf = "#3b3b3bcc"; - bg = "#00000000"; - fg = "#FFFFFF"; - - polybarRun = pkgs.writeShellScriptBin "pbr" '' - polybar -m | while IFS=: read -r mon rest; do - if echo "$rest" | ${pkgs.gnugrep}/bin/grep -q "(primary)"; then - MONITOR="$mon" polybar -r primary & - else - MONITOR="$mon" polybar -r others & - fi - done - wait - ''; -in -{ - services.polybar = { - enable = true; - package = pkgs.polybar.override { - i3Support = true; - iwSupport = true; - pulseSupport = true; - }; - script = "${polybarRun}/bin/pbr"; - settings = { - "global/wm" = { - margin-bottom = 0; - margin-top = 5; - }; - - "bar/main" = { - monitor = "\${env:MONITOR}"; - width = "100%"; - height = 20; - radius = 0; - background = bg; - foreground = fg; - font-0 = "JetBrainsMono Nerd Font:size=11;2"; - font-1 = "Noto Sans CJK JP:size=11;2"; - - cursor-click = "pointer"; - enable-ipc = true; - }; - - "bar/primary" = { - "inherit" = "bar/main"; - modules-left = "i3"; - modules-center = "clock temperature cpu memory filesystem"; - modules-right = "volume tray powermenu"; - # modules-right = "volume network bluetooth backlight tray powermenu"; - }; - - "bar/others" = { - "inherit" = "bar/main"; - modules-left = "i3"; - modules-center = "clock temperature cpu memory filesystem"; - modules-right = ""; - }; - - "settings" = { - screenchange-reload = true; - - compositing-background = "source"; - compositing-foreground = "over"; - compositing-overline = "over"; - comppositing-underline = "over"; - compositing-border = "over"; - - pseudo-transparency = true; - }; - - "module/i3" = { - type = "internal/i3"; - index-sort = true; - pin-workspaces = true; - strip-wsnumbers = true; - wrapping-scroll = false; - format = ""; - - ws-icon-0 = "1;一"; - ws-icon-1 = "2;二"; - ws-icon-2 = "3;三"; - ws-icon-3 = "4;四"; - ws-icon-4 = "5;五"; - ws-icon-5 = "6;六"; - ws-icon-6 = "7;七"; - ws-icon-7 = "8;八"; - ws-icon-8 = "9;九"; - ws-icon-9 = "10;十"; - - label-unfocused = "%icon%"; - label-focused = "%icon%"; - label-focused-background = mf; - label-visible = "%icon%"; - label-urgent = "%icon%"; - label-occupied = "%icon%"; - - label-unfocused-padding = 1; - label-focused-padding = 1; - label-visible-padding = 1; - label-urgent-padding = 1; - label-occupied-padding = 1; - }; - - "module/clock" = { - type = "internal/date"; - interval = 10; - date = "%b %d, %H:%M"; - format = "