ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: ringofstorms:master
Branches Tags
ringofstorms:master
ringofstorms:i3
..
compare: ringofstorms:i3
Branches Tags
ringofstorms:master
ringofstorms:i3

3 commits
master ... i3

Author SHA1 Message Date
RingOfStorms (Joshua Bell)
9a7fa1be4d eh it is not working 2025-09-20 10:18:30 -05:00
RingOfStorms (Joshua Bell)
e3689e5b26 working on i3 2025-09-19 18:02:18 -05:00
RingOfStorms (Joshua Bell)
e77dec2d94 i3 draft 2025-09-19 17:11:15 -05:00
241 changed files with 8310 additions and 8126 deletions
Download patch file Download diff file Expand all files Collapse all files

196
common/_containers/forgejo.nix Normal file
View file

@ -0,0 +1,196 @@
{
config,
lib,
...
}:
let
name = "forgejo";
hostDataDir = "/var/lib/${name}";
hostAddress = "10.0.0.1";
containerAddress = "10.0.0.2";
hostAddress6 = "fc00::1";
containerAddress6 = "fc00::2";
binds = [
# Postgres data, must use postgres user in container and host
{
host = "${hostDataDir}/postgres";
# Adjust based on container postgres data dir
container = "/var/lib/postgresql/17";
user = "postgres";
uid = config.ids.uids.postgres;
gid = config.ids.gids.postgres;
}
# Postgres backups
{
host = "${hostDataDir}/backups/postgres";
container = "/var/backup/postgresql";
user = "postgres";
uid = config.ids.uids.postgres;
gid = config.ids.gids.postgres;
}
# App data, uses custom user uid
{
host = "${hostDataDir}/data";
container = "/var/lib/forgejo";
user = "forgejo";
uid = 115;
gid = 115;
}
];
uniqueUsers = lib.foldl' (
acc: bind: if lib.lists.any (item: item.user == bind.user) acc then acc else acc ++ [ bind ]
) [ ] binds;
users = {
users = lib.listToAttrs (
lib.map (u: {
name = u.user;
value = {
isSystemUser = true;
name = u.user;
uid = u.uid;
group = u.user;
};
}) uniqueUsers
);
groups = lib.listToAttrs (
lib.map (g: {
name = g.user;
value.gid = g.gid;
}) uniqueUsers
);
};
in
{
# Ensure users exists on host machine with same IDs as container
inherit users;
# Ensure directories exist on host machine
system.activationScripts.createMediaServerDirs = ''
${lib.concatStringsSep "\n" (
lib.map (bind: ''
mkdir -p ${bind.host}
chown -R ${toString bind.user}:${toString bind.gid} ${bind.host}
chmod -R 750 ${bind.host}
'') binds
)}
'';
containers.${name} = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = hostAddress;
localAddress = containerAddress;
hostAddress6 = hostAddress6;
localAddress6 = containerAddress6;
bindMounts = lib.foldl (
acc: bind:
{
"${bind.container}" = {
hostPath = bind.host;
isReadOnly = false;
};
}
// acc
) { } binds;
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
3000
3032
];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
# Ensure users exist on container
inherit users;
services.postgresql = {
enable = true;
package = pkgs.postgresql_17.withJIT;
enableJIT = true;
authentication = ''
local all all trust
host all all 127.0.0.1/8 trust
host all all ::1/128 trust
host all all fc00::1/128 trust
'';
};
# Backup database
services.postgresqlBackup = {
enable = true;
};
services.forgejo = {
enable = true;
dump = {
enable = false;
type = "tar.gz";
};
database = {
type = "postgres";
};
settings = {
DEFAULT = {
APP_NAME = "Josh's Git";
};
server = {
PROTOCOL = "http";
DOMAIN = "git.joshuabell.xyz";
HTTP_ADDR = "0.0.0.0";
HTTP_PORT = 3000;
START_SSH_SERVER = true;
SSH_DOMAIN = "git.joshuabell.xyz";
SSH_LISTEN_HOST = "0.0.0.0";
SSH_LISTEN_PORT = 3032; # actual listen port
SSH_PORT = 3032; # used in UI
BUILTIN_SSH_SERVER_USER = "git";
LANDING_PAGE = "explore";
};
service = {
DISABLE_REGISTRATION = true;
ENABLE_BASIC_AUTHENTICATION = false;
DISABLE_USERS_PAGE = true;
DISABLE_ORGANIZATIONS_PAGE = true;
};
repository = {
# ENABLE_PUSH_CREATE_USER = true;
# ENABLE_PUSH_CREATE_ORG = true;
DISABLE_STARS = true;
DEFAULT_PRIVATE = "private";
};
admin = {
DISABLE_REGULAR_ORG_CREATION = true;
USER_DISABLED_FEATURES = "deletion";
};
other = {
SHOW_FOOTER_POWERED_BY = false;
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
migrations = {
ALLOWED_DOMAINS = "*.github.com,github.com";
ALLOW_LOCALNETWORKS = true;
};
};
};
};
};
}

7
common/_containers/obsidian_sync.md Normal file
View file

@ -0,0 +1,7 @@
docker run \
-e hostname=https://obsidiansync.joshuabell.xyz \
-e database=obsidian_sync \
-e username=obsidian_admin \
-e password=$REPLACE \
docker.io/oleduc/docker-obsidian-livesync-couchdb:master \
deno -A /scripts/generate_setupuri.ts

61
common/_containers/obsidian_sync.nix Normal file
View file

@ -0,0 +1,61 @@
{
config,
pkgs,
...
}:
let
cfg = config.services.obsidian_sync;
in
{
options.services.obsidian_sync =
let
lib = pkgs.lib;
in
{
port = lib.mkOption {
type = lib.types.port;
default = 5984;
description = "Port number for Obsidian Sync CouchDB server";
};
dataDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/obsidian_sync";
description = "Directory to store Obsidian Sync data";
};
serverUrl = lib.mkOption {
type = lib.types.str;
description = "URL of the Obsidian Sync server";
};
dockerEnvFiles = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [ ];
description = "List of environment files to be used by the Obsidian Sync container. When provided you must supply chouchdb user/password env files they will not be supplied by default.";
};
};
config = {
virtualisation.oci-containers.containers = {
#############
# obsidian_sync #
#############
obsidian_sync = {
user = "root";
image = "docker.io/oleduc/docker-obsidian-livesync-couchdb:master";
ports = [
"${toString cfg.port}:${toString cfg.port}"
];
environment = {
SERVER_URL = cfg.serverUrl;
COUCHDB_DATABASE = "obsidian_sync";
COUCHDB_USER = pkgs.lib.mkIf (cfg.dockerEnvFiles == [ ]) "adminu";
COUCHDB_PASSWORD = pkgs.lib.mkIf (cfg.dockerEnvFiles == [ ]) "Password123";
};
environmentFiles = cfg.dockerEnvFiles;
volumes = [
"${cfg.dataDir}/data:/opt/couchdb/data"
"${cfg.dataDir}/config:/opt/couchdb/etc/local.d"
];
};
};
};
}

52
common/_home_manager/default.nix Normal file
View file

@ -0,0 +1,52 @@
{
config,
lib,
hyprland,
hyprlandPkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"homeManager"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
users = lib.mkOption {
type = lib.types.attrsOf lib.types.attrs;
default = { };
description = "Home manager users to configure. Should match nix options of home-manager.users.<name>.*";
};
stateVersion = lib.mkOption {
type = lib.types.str;
default = "25.05";
description = "Home manager state version";
};
};
config = {
# Home manager options
security.polkit.enable = true;
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
home-manager.backupFileExtension = "bak";
home-manager.extraSpecialArgs = {
inherit hyprland hyprlandPkgs;
};
home-manager.users = lib.mapAttrs' (name: userConfig: {
inherit name;
value = userConfig // {
home.stateVersion = cfg.stateVersion;
programs.home-manager.enable = true;
home.username = name;
home.homeDirectory = lib.mkForce (if name == "root" then "/root" else "/home/${name}");
};
}) cfg.users;
};
}

1
flakes/common/hm_modules/alacritty.nix → common/_home_manager/mods/alacritty.nix
View file

@ -6,7 +6,6 @@
window = {
decorations = "None";
dynamic_title = false;
opacity = 0.94;
};
colors = {
primary = {

8
flakes/common/hm_modules/atuin.nix → common/_home_manager/mods/atuin.nix
View file

@ -1,18 +1,16 @@
{ ... }:
# TODO setup auto secret/login for sync
{
programs.atuin = {
enable = true;
enableZshIntegration = true; # TODO make dynamic?
enableZshIntegration = true;
flags = [ "--disable-up-arrow" ];
settings = {
workspaces = true;
exit-mode = "return-query";
enter_accept = true;
sync_address = "https://atuin.joshuabell.xyz";
sync = {
records = true;
};
sync = { records = true; };
};
};
}

0
flakes/common/hm_modules/direnv.nix → common/_home_manager/mods/direnv.nix
View file

61
common/_home_manager/mods/foot.nix Normal file
View file

@ -0,0 +1,61 @@
{ config, lib, ... }:
{
options.components.foot = {
font_size = lib.mkOption {
type = lib.types.float;
default = 12.0;
description = "Font size for Foot terminal";
};
alpha = lib.mkOption {
type = lib.types.float;
default = 0.94;
description = "Background opacity for Foot terminal (1.0 = opaque)";
};
};
config = {
programs.foot = {
enable = true;
# This renders to ~/.config/foot/foot.ini
settings = {
main = {
# Use the same font and size as your Kitty config
font = "JetBrainsMonoNL Nerd Font:size=${toString config.components.kitty.font_size}";
# Initial window size in character cells (Kitty used 160c x 55c)
"initial-window-size-chars" = "160x55";
};
colors = {
# Background opacity (1.0 = opaque)
alpha = toString config.components.foot.alpha;
# Foreground/background
foreground = "e0e0e0";
background = "262626";
# 16-color palette
# normal (07)
regular0 = "1f1f1f"; # black
regular1 = "f38ba8"; # red
regular2 = "a6e3a1"; # green
regular3 = "f9e2af"; # yellow
regular4 = "89b4fa"; # blue
regular5 = "cba6f7"; # magenta
regular6 = "89dceb"; # cyan
regular7 = "e0e0e0"; # white
# bright (815)
bright0 = "565656"; # bright black
bright1 = "f38ba8"; # bright red
bright2 = "a6e3a1"; # bright green
bright3 = "f9e2af"; # bright yellow
bright4 = "89b4fa"; # bright blue
bright5 = "cba6f7"; # bright magenta
bright6 = "89dceb"; # bright cyan
bright7 = "ffffff"; # bright white
};
};
};
};
}

7
flakes/common/hm_modules/git.nix → common/_home_manager/mods/git.nix
View file

@ -7,7 +7,7 @@
userName = "RingOfStorms (Joshua Bell)";
extraConfig = {
core.pager = "bat";
core.pager = "cat";
core.editor = "nano";
pull.rebase = false;
@ -55,10 +55,13 @@
# direnv things
".direnv"
".envrc"
# local only files
"*.local"
# AI tooling
".aider*"
"aider"
];
};
}

65
common/_home_manager/mods/kitty.nix Normal file
View file

@ -0,0 +1,65 @@
{ config, lib, ... }:
{
options.components.kitty = {
font_size = lib.mkOption {
type = lib.types.float;
default = 12.0;
description = "Font size for Kitty terminal";
};
};
config = {
# Enable Kitty terminal
programs.kitty = {
enable = true;
settings = {
# Window settings
background_opacity = 1.0;
os_window_class = "kitty";
remember_window_size = false;
placement_strategy = "center";
initial_window_width = "160c";
initial_window_height = "55c";
# Remove window borders
hide_window_decorations = "titlebar-only";
tab_title_template = "none";
active_tab_title_template = "none";
draw_minimal_borders = "yes";
window_border_width = "0.1pt";
# Colors (Catppuccin Coal)
foreground = "#e0e0e0";
background = "#262626";
color0 = "#1f1f1f";
color1 = "#f38ba8";
color2 = "#a6e3a1";
color3 = "#f9e2af";
color4 = "#89b4fa";
color5 = "#cba6f7";
color6 = "#89dceb";
color7 = "#e0e0e0";
color8 = "#565656";
color9 = "#f38ba8";
color10 = "#a6e3a1";
color11 = "#f9e2af";
color12 = "#89b4fa";
color13 = "#cba6f7";
color14 = "#89dceb";
color15 = "#ffffff";
# Font settings
font_family = "JetBrainsMonoNL Nerd Font";
font_size = config.components.kitty.font_size;
bold_font = "auto";
italic_font = "auto";
italic_bold_font = "auto";
};
# If you want to include extra configuration this way instead of through the main `settings` attribute
extraConfig = ''
# You can add additional config here if needed
'';
};
};
}

2
flakes/common/hm_modules/launcher_rofi.nix → common/_home_manager/mods/launcher_rofi.nix
View file

@ -10,7 +10,7 @@
modi = "drun,run,ssh,window,calc";
terminal = "alacritty";
};
theme = "Arc-Dark";
theme = "glue_pro_blue";
};
programs.wofi = {
enable = true;

18
common/_home_manager/mods/nix_deprecations.nix Normal file
View file

@ -0,0 +1,18 @@
{ ... }:
{
programs.zsh.shellAliases = {
# Nix deprecations
nix-hash = "echo 'The functionality of nix-hash may be covered by various subcommands or options in the new `nix` command.'";
nix-build = "echo 'Use `nix build` instead.'";
nix-info = "echo 'Use `nix flake info` or other `nix` subcommands to obtain system and Nix information.'";
nix-channel = "echo 'Channels are being phased out in favor of flakes. Use `nix flake` subcommands.'";
nix-instantiate = "echo 'Use `nix eval` or `nix-instantiate` with flakes.'";
nix-collect-garbage = "echo 'Use `nix store gc` instead.'";
nix-prefetch-url = "echo 'Use `nix-prefetch` or fetchers in Nix expressions.'";
nix-copy-closure = "echo 'Use `nix copy` instead.'";
nix-shell = "echo 'Use `nix shell` instead.'";
# nix-daemon # No direct replacement: The Nix daemon is still in use and managed by the system service manager.
nix-store = "echo 'Use `nix store` subcommands for store operations.'";
nix-env = "echo 'Use `nix profile` instead'";
};
}

4
common/_home_manager/mods/obs.nix Normal file
View file

@ -0,0 +1,4 @@
{ ... }:
{
programs.obs-studio.enable = true;
}

0
flakes/common/hm_modules/postgres_cli_options.nix → common/_home_manager/mods/postgres.nix
View file

0
flakes/common/hm_modules/slicer.nix → common/_home_manager/mods/slicer.nix
View file

5
flakes/common/hm_modules/ssh.nix → common/_home_manager/mods/ssh.nix
View file

@ -129,11 +129,6 @@ in
user = "luser";
};
"h003" = lib.mkIf (hasSecret "nix2h003") {
identityFile = age.secrets.nix2h003.path;
hostname = "10.12.14.1";
user = "luser";
};
"h003_" = lib.mkIf (hasSecret "nix2h003") {
identityFile = age.secrets.nix2h003.path;
user = "luser";
};

0
flakes/common/hm_modules/starship.nix → common/_home_manager/mods/starship.nix
View file

9
flakes/common/hm_modules/tmux/tmux-reset.conf → common/_home_manager/mods/tmux/tmux-reset.conf
View file

@ -35,20 +35,11 @@ bind -r right select-pane -R
bind x kill-pane
bind -r space resize-pane -Z
bind S select-layout tiled
bind -r h select-pane -L
bind -r j select-pane -D
bind -r k select-pane -U
bind -r l select-pane -R
bind -r C-h swap-pane -t '{left-of}'
bind -r C-j swap-pane -D
bind -r C-k swap-pane -U
bind -r C-l swap-pane -t '{right-of}'
bind -n C-Left resize-pane -L 5
bind -n C-Down resize-pane -D 5
bind -n C-Up resize-pane -U 5
bind -n C-Right resize-pane -R 5
# Sessions
bind $ command-prompt "rename-session %%"

5
flakes/common/hm_modules/tmux/default.nix → common/_home_manager/mods/tmux/tmux.nix
View file

@ -68,4 +68,9 @@
}
];
};
home.shellAliases = {
t = "tmux";
tat = "tmux attach-session";
};
}

0
flakes/common/hm_modules/zoxide.nix → common/_home_manager/mods/zoxide.nix
View file

0
flakes/common/hm_modules/zsh.nix → common/_home_manager/mods/zsh.nix
View file

35
common/boot/default.nix Normal file
View file

@ -0,0 +1,35 @@
{ config, lib, ... }:
let
ccfg = import ../config.nix;
cfg = config.${ccfg.custom_config_key}.boot;
in
{
imports = [
./grub.nix
./systemd.nix
];
config = {
assertions = [
(
let
enabledBootloaders = lib.filter (x: x.enabled) [
{
name = "systemd";
enabled = cfg.systemd.enable;
}
{
name = "grub";
enabled = cfg.grub.enable;
}
];
in
{
assertion = lib.length enabledBootloaders <= 1;
message =
"Only one bootloader can be enabled at a time. Enabled: "
+ lib.concatStringsSep ", " (map (x: x.name) enabledBootloaders);
}
)
];
};
}

35
common/boot/grub.nix Normal file
View file

@ -0,0 +1,35 @@
{
config,
lib,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"boot"
"grub"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "Grub bootloader";
device = lib.mkOption {
type = lib.types.str;
default = "/dev/sda";
description = ''
The device to install GRUB on.
'';
};
};
config = lib.mkIf cfg.enable {
boot.loader.grub = {
enable = true;
device = cfg.device;
};
};
}

33
common/boot/systemd.nix Normal file
View file

@ -0,0 +1,33 @@
{
config,
lib,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"boot"
"systemd"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "Systemd bootloader";
};
config = lib.mkIf cfg.enable {
boot.loader = {
systemd-boot = {
enable = true;
consoleMode = "keep";
};
timeout = 5;
efi = {
canTouchEfiVariables = true;
};
};
};
}

3
common/config.nix Normal file
View file

@ -0,0 +1,3 @@
{
custom_config_key = "ringofstorms_common";
}

57
common/desktop_environment/cosmic/default.nix Normal file
View file

@ -0,0 +1,57 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../../config.nix;
cfg_path = [ ccfg.custom_config_key "desktopEnvironment" "cosmic" ];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
with lib;
{
options = {}
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "COSMIC desktop environment (System76)";
terminalCommand = mkOption {
type = lib.types.str;
default = "foot";
description = "The terminal command to use.";
};
};
config = lib.mkIf cfg.enable {
services.greetd = {
enable = true;
vt = 2;
# settings.default_session = {
# command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --cmd '${pkgs.dbus}/bin/dbus-run-session ${pkgs.cosmic}/bin/cosmic-session'";
# user = "greeter";
# };
};
# Caps Lock as Escape for console/tty
console.useXkbConfig = true;
services.xserver.xkb = {
layout = "us";
options = "caps:escape";
};
environment.systemPackages = with pkgs; [
wl-clipboard
wofi
btop
];
xdg.portal.enable = true;
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
GTK_THEME = "Adwaita:dark";
};
qt = { enable = true; platformTheme = "gtk2"; style = "adwaita-dark"; };
hardware.graphics.enable = true;
};
}

50
common/desktop_environment/default.nix Normal file
View file

@ -0,0 +1,50 @@
{ config, lib, ... }:
let
ccfg = import ../config.nix;
cfg = config.${ccfg.custom_config_key}.desktopEnvironment;
in
{
imports = [
./gnome
# ./hyprland
./sway
./cosmic
./i3
];
config = {
assertions = [
(
let
enabledDEs = lib.filter (x: x.enabled) [
{
name = "gnome";
enabled = cfg.gnome.enable;
}
# {
# name = "hyprland";
# enabled = cfg.hyprland.enable;
# }
{
name = "sway";
enabled = cfg.sway.enable;
}
{
name = "cosmic";
enabled = cfg.cosmic.enable;
}
{
name = "i3";
enabled = cfg.i3.enable;
}
];
in
{
assertion = lib.length enabledDEs <= 1;
message =
"Only one desktop environment can be enabled at a time. Enabled: "
+ lib.concatStringsSep ", " (map (x: x.name) enabledDEs);
}
)
];
};
}

BIN
common/desktop_environment/gnome/black.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 70 B

208
common/desktop_environment/gnome/dconf.nix Normal file
View file

@ -0,0 +1,208 @@
{ cfg }:
{
lib,
pkgs,
...
}:
{
config = lib.mkIf cfg.enable {
home-manager.sharedModules = [
(
{ lib, ... }:
with lib.hm.gvariant;
{
# use `dconf dump /` before and after and diff the files for easy editing of dconf below
# dconf dump / > /tmp/dconf_dump_start && watch -n0.5 "dconf dump / > /tmp/dconf_dump_current && \diff --color /tmp/dconf_dump_start /tmp/dconf_dump_current -U12"
# To get nix specific diff:
# \diff -u /tmp/dconf_dump_start /tmp/dconf_dump_current | grep '^+[^+]' | sed 's/^+//' | dconf2nix
# OR (Must be logged into user directly, no SU to user will work): `dconf watch /`
# OR get the exact converted nixConfig from `dconf dump / | dconf2nix | less` and search with forward slash
dconf.settings = {
"org/gnome/shell" = {
favorite-apps = [ ];
enabled-extensions = with pkgs.gnomeExtensions; [
vertical-workspaces.extensionUuid
compact-top-bar.extensionUuid
tray-icons-reloaded.extensionUuid
vitals.extensionUuid
] ++ lib.optionals cfg.enableRotate [
screen-rotate.extensionUuid
];
};
# Plugin Settings
"org/gnome/shell/extensions/vertical-workspaces" = {
animation-speed-factor = 42;
center-dash-to-ws = false;
dash-bg-color = 0;
dash-position = 2;
dash-position-adjust = 0;
hot-corner-action = 0;
startup-state = 1;
ws-switcher-wraparound = true;
};
"org/gnome/shell/extensions/compact-top-bar" = {
fade-text-on-fullscreen = true;
};
"org/gnome/shell/extensions/vitals" = {
position-in-panel = 1;
};
# Built in settings
"org/gnome/desktop/session" = {
idle-delay = mkUint32 0;
};
"org/gnome/desktop/wm/preferences" = {
resize-with-right-button = true;
button-layout = "maximize:appmenu,close";
audible-bell = false;
wrap-around = true;
};
"org/gnome/settings-daemon/plugins/media-keys" = {
# Disable the lock screen shortcut
screensaver = [ "" ];
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
];
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Super>Return";
command = cfg.terminalCommand;
name = "Launch terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "<Super>Space";
command = "wofi";
name = "Launcher";
};
"org/gnome/desktop/wm/keybindings" = {
minimize = [ "" ];
move-to-workspace-1 = [ "" ];
move-to-workspace-2 = [ "" ];
move-to-workspace-3 = [ "" ];
move-to-workspace-4 = [ "" ];
move-to-workspace-last = [ "" ];
move-to-workspace-down = [ "<Control><Super>j" ];
move-to-workspace-up = [ "<Control><Super>k" ];
# move-to-workspace-left = [ "<Control><Super>h" ];
# move-to-workspace-right = [ "<Control><Super>l" ];
switch-input-source = [ ];
switch-input-source-backward = [ ];
switch-to-workspace-1 = [ "<Super>1" ];
switch-to-workspace-2 = [ "<Super>2" ];
switch-to-workspace-3 = [ "<Super>3" ];
switch-to-workspace-4 = [ "<Super>4" ];
switch-to-workspace-last = [ "" ];
switch-to-workspace-down = [ "<Super>j" ];
switch-to-workspace-up = [ "<Super>k" ];
# switch-to-workspace-left = [ "<Super>k" ];
# switch-to-workspace-right = [ "<Super>j" ];
# move-to-monitor-down = [ "<Control><Super><Shift>j" ];
# move-to-monitor-up = [ "<Control><Super><Shift>k" ];
move-to-monitor-left = [ "<Control><Super>h" ];
move-to-monitor-right = [ "<Control><Super>l" ];
unmaximize = [ "<Super><Shift>j" ];
maximize = [ "<Super><Shift>k" ];
};
"org/gnome/mutter" = {
dynamic-workspaces = true;
edge-tiling = true;
workspaces-only-on-primary = true;
center-new-windows = true;
};
"org/gnome/mutter/keybindings" = {
toggle-tiled-right = [ "<Super><Shift>l" ];
toggle-tiled-left = [ "<Super><Shift>h" ];
};
"org/gnome/settings-daemon/plugins/power" = {
power-button-action = "nothing";
sleep-inactive-ac-type = "nothing";
sleep-inactive-battery-type = "nothing";
idle-brightness = 15;
power-saver-profile-on-low-battery = false;
};
"org/gnome/desktop/background" = {
color-shading-type = "solid";
picture-options = "zoom";
picture-uri = "file://" + (./black.png);
picture-uri-dark = "file://" + (./black.png);
primary-color = "#000000000000";
secondary-color = "#000000000000";
};
"org/gnome/desktop/screensaver" = {
lock-enabled = false;
idle-activation-enabled = false;
picture-options = "zoom";
picture-uri = "file://" + (./black.png);
picture-uri-dark = "file://" + (./black.png);
};
"org/gnome/desktop/applications/terminal" = {
exec = "alacritty";
};
"org/gnome/settings-daemon/plugins/color" = {
night-light-enabled = false;
night-light-schedule-automatic = false;
};
"org/gnome/shell/keybindings" = {
shift-overview-down = [ "" ];
shift-overview-up = [ "" ];
switch-to-application-1 = [ "" ];
switch-to-application-2 = [ "" ];
switch-to-application-3 = [ "" ];
switch-to-application-4 = [ "" ];
switch-to-application-5 = [ "" ];
switch-to-application-6 = [ "" ];
switch-to-application-7 = [ "" ];
switch-to-application-8 = [ "" ];
switch-to-application-9 = [ "" ];
toggle-quick-settings = [ "" ];
toggle-application-view = [ "" ];
};
"org/gtk/gtk4/settings/file-chooser" = {
show-hidden = true;
};
"org/gnome/desktop/interface" = {
accent-color = "orange";
show-battery-percentage = true;
clock-show-date = true;
clock-show-seconds = true;
clock-show-weekday = true;
color-scheme = "prefer-dark";
cursor-size = 24;
enable-animations = true;
enable-hot-corners = false;
font-antialiasing = "grayscale";
font-hinting = "slight";
gtk-theme = "Adwaita-dark";
# icon-theme = "Yaru-magenta-dark";
};
"org/gnome/desktop/notifications" = {
application-children = [ "org-gnome-tweaks" ];
};
"org/gnome/desktop/notifications/application/org-gnome-tweaks" = {
application-id = "org.gnome.tweaks.desktop";
};
"org/gnome/desktop/peripherals/mouse" = {
natural-scroll = false;
};
"org/gnome/desktop/peripherals/touchpad" = {
disable-while-typing = true;
two-finger-scrolling-enabled = true;
natural-scroll = true;
};
"org/gnome/tweaks" = {
show-extensions-notice = false;
};
};
}
)
];
};
}

86
common/desktop_environment/gnome/default.nix Normal file
View file

@ -0,0 +1,86 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"gnome"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
with lib;
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "gnome desktop environment";
terminalCommand = mkOption {
type = lib.types.str;
default = "kitty";
description = "The terminal command to use.";
};
enableRotate = lib.mkEnableOption "enable screen rotation";
};
imports = [
(import ./dconf.nix { inherit cfg; })
(import ./wofi.nix { inherit cfg; })
];
config = lib.mkIf cfg.enable {
services.xserver = {
enable = true;
desktopManager.gnome.enable = true;
displayManager.gdm = {
enable = true;
autoSuspend = false;
wayland = true;
};
};
services.gnome.gnome-initial-setup.enable = false;
environment.gnome.excludePackages = with pkgs; [
gnome-backgrounds
gnome-video-effects
gnome-maps
gnome-music
gnome-tour
gnome-text-editor
gnome-user-docs
];
environment.systemPackages = with pkgs; [
dconf-editor
dconf2nix
gnome-tweaks
wayland
wayland-utils
wl-clipboard
numix-cursor-theme
gnomeExtensions.vertical-workspaces
gnomeExtensions.compact-top-bar
gnomeExtensions.tray-icons-reloaded
gnomeExtensions.vitals
] ++ lib.optionals cfg.enableRotate [
gnomeExtensions.screen-rotate
];
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
GTK_THEME = "Adwaita:dark";
};
qt = {
enable = true;
platformTheme = "gnome";
style = "adwaita-dark";
};
hardware.graphics = {
enable = true;
};
};
}

51
common/desktop_environment/gnome/wofi.css Normal file
View file

@ -0,0 +1,51 @@
window {
margin: 0px;
border: 1px solid #171717;
background-color: #262626;
}
#input {
margin: 5px;
border: none;
color: #e0e0e0;
background-color: #1f1f1f;
}
#inner-box {
margin: 5px;
border: none;
background-color: #171717;
}
#outer-box {
margin: 5px;
border: none;
background-color: #191919;
}
#scroll {
margin: 0px;
border: none;
}
#text {
margin: 5px;
border: none;
color: #e0e0e0;
}
#entry.activatable #text {
color: #cccccc;
}
#entry>* {
color: #e0e0e0;
}
#entry:selected {
background-color: #4f4f4f;
}
#entry:selected #text {
font-weight: bold;
}

31
common/desktop_environment/gnome/wofi.nix Normal file
View file

@ -0,0 +1,31 @@
{ cfg }:
{ lib, ... }:
{
config = lib.mkIf cfg.enable {
home-manager.sharedModules = [
(
{ lib, ... }:
{
programs.wofi = {
enable = true;
settings = {
width = "28%";
height = "38%";
show = "drun";
location = "center";
gtk_dark = true;
valign = "center";
key_backward = "Ctrl+k";
key_forward = "Ctrl+j";
insensitive = true;
prompt = "Run";
allow_images = true;
};
style = builtins.readFile ./wofi.css;
};
}
)
];
};
}

151
common/desktop_environment/hyprland/default.nix Normal file
View file

@ -0,0 +1,151 @@
{
config,
lib,
pkgs,
hyprland,
hyprlandPkgs,
...
}:
let
ccfg = import ../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"hyprland"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
with lib;
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "hyprland desktop environment";
terminalCommand = mkOption {
type = lib.types.str;
default = "foot";
description = "The terminal command to use.";
};
extraOptions = mkOption {
type = lib.types.attrs;
default = { };
description = "Extra options for Hyprland configuration.";
};
swaync = {
enable = lib.mkEnableOption "Enable Swaync (notification center for Hyprland)";
};
waybar = {
enable = lib.mkEnableOption "Enable Waybar (status bar for Hyprland)";
};
};
config = lib.mkIf cfg.enable {
# Enable for all users
home-manager = {
sharedModules = [
hyprland.homeManagerModules.default
./home_manager
];
};
services.greetd = {
enable = true;
vt = 2;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --cmd '${pkgs.dbus}/bin/dbus-run-session ${hyprlandPkgs.hyprland}/bin/Hyprland'";
user = "greeter";
};
};
};
# Caps Lock as Escape for console/tty
console.useXkbConfig = true;
services.xserver.xkb = {
layout = "us";
options = "caps:escape";
};
environment.systemPackages = with pkgs; [
wl-clipboard
wl-clip-persist
wofi # application launcher
nemo # file manager (x11)
# nautilus # file manager
feh # image viewer (x11)
# imv # image viewer
networkmanager # network management
upower # power management
brightnessctl # screen/keyboard brightness control
wireplumber # media session manager
libgtop # system monitor library
bluez # Bluetooth support
power-profiles-daemon # power profiles
grim
slurp
hyprpicker
grimblast # screenshot tool
wf-recorder # screen recording tool
btop # system monitor
];
services.blueman.enable = config.hardware.bluetooth.enable;
programs.hyprland = {
enable = true;
# xwayland.enable = false;
withUWSM = true;
# set the flake package
package = hyprlandPkgs.hyprland;
# make sure to also set the portal package, so that they are in sync
# This is set below now in xdf portal directly so we can also add things like gtk
# portalPackage = hyprlandPkgs.xdg-desktop-portal-hyprland;
};
xdg.portal = {
enable = true;
extraPortals = lib.mkForce [
hyprlandPkgs.xdg-desktop-portal-hyprland
hyprlandPkgs.xdg-desktop-portal-gtk
];
config.common.default = [
"hyprland"
"gtk"
];
};
hardware.graphics = {
enable = true;
package = hyprlandPkgs.mesa;
# if you also want 32-bit support (e.g for Steam)
# enable32Bit = true;
package32 = hyprlandPkgs.pkgsi686Linux.mesa;
};
# Environment variables
environment.sessionVariables = {
GTK_THEME = "Adwaita:dark";
XDG_SESSION_TYPE = "wayland";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_DESKTOP = "Hyprland";
WLR_RENDERER = "auto";
# Tell apps to run native wayland
NIXOS_OZONE_WL = "1";
ELECTRON_OZONE_PLATFORM_HINT = "wayland";
GDK_BACKEND = "wayland,x11"; # GTK
QT_QPA_PLATFORM = "wayland;xcb"; # Qt 5/6
MOZ_ENABLE_WAYLAND = "1"; # Firefox
SDL_VIDEODRIVER = "wayland"; # SDL apps/games
CLUTTER_BACKEND = "wayland"; # You already have this
};
# Qt theming
qt = {
enable = true;
platformTheme = "gtk2";
style = "adwaita-dark";
};
};
}

1
flakes/hyprland/home_manager/default.nix → common/desktop_environment/hyprland/home_manager/default.nix
View file

@ -3,7 +3,6 @@
imports = [
./theme.nix
./hyprland.nix
./hyprpaper.nix
# ./quickshell.nix
./waybar.nix
./hyprpolkitagent.nix

18
flakes/hyprland/home_manager/hyprland.nix → common/desktop_environment/hyprland/home_manager/hyprland.nix
View file

@ -4,6 +4,15 @@
hyprlandPkgs,
...
}:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"hyprland"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
wayland.windowManager.hyprland = {
enable = true;
@ -12,12 +21,12 @@
# hyprspace
# ];
settings = {
settings = lib.attrsets.recursiveUpdate {
# Debug logs enabled when this is uncommented
debug.disable_logs = false;
debug.disable_time = false;
# exec-once = [ "pgrep waybar>/dev/null || waybar" ];
exec-once = [ "pgrep waybar>/dev/null || waybar" ];
# Default monitor configuration
monitor = "monitor = , preferred, auto, 1";
@ -80,13 +89,12 @@
bind = [
# Applications
"$mainMod, Return, exec, foot"
"$mainMod, Return, exec, ${cfg.terminalCommand}"
"$mainMod, Space, exec, pkill wofi || wofi --show drun"
"$mainMod, q, killactive"
"$mainMod SHIFT, escape, exit"
"$mainMod SHIFT, q, exec, swaylock"
"$mainMod, f, togglefloating"
"$mainMod SHIFT, F, fullscreen"
"$mainMod, g, pseudo"
"$mainMod, t, togglesplit"
@ -162,6 +170,6 @@
"$mainMod, mouse:273, resizewindow"
];
};
} cfg.extraOptions;
};
}

0
flakes/hyprland/home_manager/hyprpolkitagent.nix → common/desktop_environment/hyprland/home_manager/hyprpolkitagent.nix
View file

11
flakes/hyprland/home_manager/quickshell.nix → common/desktop_environment/hyprland/home_manager/quickshell.nix
View file

@ -1,8 +1,19 @@
{
osConfig,
lib,
pkgs,
upkgs,
...
}:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"hyprland"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
home.packages = with pkgs; [
upkgs.quickshell

0
flakes/hyprland/home_manager/scripts.nix → common/desktop_environment/hyprland/home_manager/scripts.nix
View file

0
flakes/hyprland/home_manager/scripts/confirm-action.sh → common/desktop_environment/hyprland/home_manager/scripts/confirm-action.sh
View file

0
flakes/hyprland/home_manager/scripts/toggle-airplane-mode.sh → common/desktop_environment/hyprland/home_manager/scripts/toggle-airplane-mode.sh
View file

0
flakes/hyprland/home_manager/scripts/toggle-power-profile.sh → common/desktop_environment/hyprland/home_manager/scripts/toggle-power-profile.sh
View file

0
flakes/hyprland/home_manager/scripts/wofi-bluetooth-menu.sh → common/desktop_environment/hyprland/home_manager/scripts/wofi-bluetooth-menu.sh
View file

0
flakes/hyprland/home_manager/scripts/wofi-wifi-menu.sh → common/desktop_environment/hyprland/home_manager/scripts/wofi-wifi-menu.sh
View file

0
flakes/hyprland/home_manager/swaylock.nix → common/desktop_environment/hyprland/home_manager/swaylock.nix
View file

251
common/desktop_environment/hyprland/home_manager/swaync.nix Normal file
View file

@ -0,0 +1,251 @@
{
lib,
osConfig,
...
}:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"hyprland"
"swaync"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
config = lib.mkIf cfg.enable {
services.swaync = {
enable = true;
settings = {
ignore = [
"com.spotify.Client"
];
positionX = "right";
positionY = "top";
layer = "overlay";
control-center-layer = "top";
layer-shell = true;
cssPriority = "application";
control-center-margin-top = 0;
control-center-margin-bottom = 0;
control-center-margin-right = 0;
control-center-margin-left = 0;
notification-2fa-action = true;
notification-inline-replies = false;
notification-icon-size = 64;
notification-body-image-height = 100;
notification-body-image-width = 200;
timeout = 10;
timeout-low = 5;
timeout-critical = 0;
control-center-width = 500;
control-center-height = 600;
notification-window-width = 500;
keyboard-shortcuts = true;
image-visibility = "when-available";
transition-time = 200;
hide-on-clear = false;
hide-on-action = true;
script-fail-notify = true;
widgets = [
"inhibitors"
"title"
"dnd"
"volume"
"backlight"
"mpris"
"buttons-grid#quick"
"notifications"
];
# Widget configurations
widget-config = {
inhibitors = {
text = "Inhibitors";
button-text = "Clear All";
clear-all-button = true;
};
title = {
text = "Notifications";
clear-all-button = true;
button-text = "Clear All";
};
dnd.text = "Do Not Disturb";
mpris = {
image-size = 96;
image-radius = 12;
};
volume = {
label = "󰕾";
show-per-app = true;
};
backlight = {
label = "󰃟";
device = "intel_backlight";
};
"buttons-grid#quick" = {
columns = 4; # adjust: 3/4/5
icon-size = 20; # tweak to taste
actions = [
# Power
{
label = "󰐥";
tooltip = "Shutdown";
command = "confirm-action 'systemctl poweroff' 'Shutdown?'";
}
{
label = "󰜉";
tooltip = "Reboot";
command = "confirm-action 'systemctl reboot' 'Reboot?'";
}
{
label = "󰍃";
tooltip = "Logout";
command = "confirm-action 'hyprctl dispatch exit' 'Logout?'";
}
];
};
};
};
# Custom CSS for the control center
style = ''
.control-center {
background: #1a1b26;
border: 2px solid #7dcae4;
border-radius: 12px;
}
.control-center-list {
background: transparent;
}
.control-center .notification-row:focus,
.control-center .notification-row:hover {
opacity: 1;
background: #24283b;
}
.notification {
border-radius: 8px;
margin: 6px 12px;
box-shadow: 0 0 0 1px rgba(125, 196, 228, 0.3), 0 1px 3px 1px rgba(0, 0, 0, 0.7), 0 2px 6px 2px rgba(0, 0, 0, 0.3);
padding: 0;
}
/* Widget styling */
.widget-title {
margin: 8px;
font-size: 1.5rem;
color: #c0caf5;
}
.widget-dnd {
margin: 8px;
font-size: 1.1rem;
color: #c0caf5;
}
.widget-dnd > switch {
font-size: initial;
border-radius: 8px;
background: #414868;
border: 1px solid #7dcae4;
}
.widget-dnd > switch:checked {
background: #7dcae4;
}
.widget-mpris {
color: #c0caf5;
background: #24283b;
padding: 8px;
margin: 8px;
border-radius: 8px;
}
.widget-mpris-player {
padding: 8px;
margin: 8px;
}
.widget-mpris-title {
font-weight: bold;
font-size: 1.25rem;
}
.widget-mpris-subtitle {
font-size: 1.1rem;
color: #9ece6a;
}
.widget-volume {
background: #24283b;
padding: 8px;
margin: 8px;
border-radius: 8px;
color: #c0caf5;
}
.widget-backlight {
background: #24283b;
padding: 8px;
margin: 8px;
border-radius: 8px;
color: #c0caf5;
}
.widget-menubar {
background: #24283b;
padding: 8px;
margin: 8px;
border-radius: 8px;
color: #c0caf5;
}
.widget-menubar .menu-item button {
background: #1f2335;
color: #c0caf5;
border-radius: 8px;
padding: 6px 10px;
margin: 4px;
border: 1px solid #2e3440;
font-family: "JetBrainsMonoNL Nerd Font";
}
.widget-menubar .menu-item button:hover {
background: #414868;
border-color: #7dcae4;
}
.topbar-buttons button {
border: none;
background: transparent;
color: #c0caf5;
font-size: 1.1rem;
border-radius: 8px;
margin: 0 4px;
padding: 8px;
}
.topbar-buttons button:hover {
background: #414868;
}
.topbar-buttons button:active {
background: #7dcae4;
color: #1a1b26;
}
'';
};
};
}

18
common/desktop_environment/hyprland/home_manager/template.nix Normal file
View file

@ -0,0 +1,18 @@
{
osConfig,
lib,
pkgs,
...
}:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"hyprland"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
}

0
flakes/hyprland/home_manager/theme.nix → common/desktop_environment/hyprland/home_manager/theme.nix
View file

267
common/desktop_environment/hyprland/home_manager/waybar.nix Normal file
View file

@ -0,0 +1,267 @@
{
lib,
osConfig,
...
}:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"hyprland"
"waybar"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
config = lib.mkIf cfg.enable {
programs.waybar = {
enable = true;
systemd.enable = true;
settings = {
mainBar = {
layer = "top";
position = "top";
height = 30;
spacing = 6;
margin-top = 0;
margin-bottom = 0;
margin-left = 10;
margin-right = 10;
modules-left = [
"hyprland/workspaces"
];
modules-center = [
"clock"
"temperature"
"cpu"
"memory"
"disk"
];
modules-right = [
"pulseaudio"
"network"
"bluetooth"
"custom/notifications"
"hyprland/language"
];
# Workspaces configuration
"hyprland/workspaces" = {
format = "{icon}";
format-icons = {
"1" = "";
"2" = "";
"3" = "";
"4" = "";
"5" = "";
"6" = "";
"7" = "";
"8" = "";
"9" = "";
"10" = "";
"11" = "";
"12" = "";
"13" = "";
"14" = "";
"15" = "";
"16" = "";
"17" = "";
"18" = "";
"19" = "";
"20" = "";
};
show-special = false;
};
pulseaudio = {
format = "{icon} {volume}%";
format-bluetooth = "󰂰 {volume}%";
format-bluetooth-muted = "󰂲 ";
format-muted = "󰖁 ";
format-source = "󰍬 {volume}%";
format-source-muted = "󰍭 ";
format-icons = {
headphone = "󰋋";
hands-free = "󰂑";
headset = "󰂑";
phone = "󰏲";
portable = "󰦧";
car = "󰄋";
default = [
"󰕿"
"󰖀"
"󰕾"
];
};
scroll-step = 5;
on-click = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
on-click-right = "swaync-client -t -sw";
};
"custom/notifications" = {
format = "{icon} {}";
format-icons = {
notification = "";
none = "";
dnd-notification = "󰂛";
dnd-none = "󰂛";
inhibited-notification = "";
inhibited-none = "";
dnd-inhibited-notification = "󰂛";
dnd-inhibited-none = "󰂛";
};
return-type = "json";
exec-if = "which swaync-client";
exec = "swaync-client -swb";
on-click = "swaync-client -t -sw";
on-click-right = "swaync-client -d -sw";
escape = true;
tooltip = false;
};
# Clock
clock = {
format = "{:%b %d, %H:%M}";
};
temperature = {
thermal-zone = 2;
hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input";
critical-threshold = 80;
format-critical = "󰔏 {temperatureC}°C";
format = "󰔏 {temperatureC}°C";
};
cpu = {
format = "󰻠 {usage}%";
tooltip = false;
on-click = "btop";
};
memory = {
format = "󰍛 {}%";
on-click = "btop";
};
disk = {
interval = 30;
format = "󰋊 {percentage_used}%";
path = "/";
on-click = "btop";
};
network = {
format-wifi = "󰤨 {essid} ({signalStrength}%)";
format-ethernet = "󰈀 {ipaddr}/{cidr}";
tooltip-format = "{ifname} via {gwaddr} ";
format-linked = "󰈀 {ifname} (No IP)";
format-disconnected = "󰖪 Disconnected";
on-click = "wofi-wifi-menu";
on-click-right = "nmcli radio wifi toggle";
};
bluetooth = {
format = "󰂯 {status}";
format-connected = "󰂱 {device_alias}";
format-connected-battery = "󰂱 {device_alias} {device_battery_percentage}%";
tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected";
tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}";
tooltip-format-enumerate-connected = "{device_alias}\t{device_address}";
tooltip-format-enumerate-connected-battery = "{device_alias}\t{device_address}\t{device_battery_percentage}%";
on-click = "wofi-bluetooth-menu";
on-click-right = "bluetoothctl power toggle";
};
# Keyboard input (language)
"hyprland/language" = {
format = "{}";
format-en = "EN";
format-ja = "JP";
};
};
};
style = ''
* {
font-family: "JetBrainsMonoNL Nerd Font";
font-size: 12px;
border: none;
border-radius: 0;
min-height: 0;
}
window#waybar {
background: transparent;
border-radius: 10px;
margin: 0px;
}
.modules-left,
.modules-center,
.modules-right {
background: rgba(26, 27, 38, 0.8);
border-radius: 10px;
margin: 4px;
padding: 0 10px;
}
#workspaces {
padding: 0 5px;
}
#workspaces button {
padding: 0 8px;
background: transparent;
color: #c0caf5;
border-radius: 5px;
margin: 2px;
}
#workspaces button:hover {
background: rgba(125, 196, 228, 0.2);
color: #7dcae4;
}
#workspaces button.active {
background: #7dcae4;
color: #1a1b26;
}
#pulseaudio,
#custom-notifications,
#clock,
#temperature,
#cpu,
#memory,
#disk,
#network,
#bluetooth,
#language {
padding: 0 8px;
color: #c0caf5;
margin: 2px;
}
#temperature.critical {
color: #f7768e;
}
#network.disconnected {
color: #f7768e;
}
#bluetooth.disabled {
color: #565f89;
}
#pulseaudio.muted {
color: #565f89;
}
'';
};
};
}

0
flakes/hyprland/home_manager/wofi.nix → common/desktop_environment/hyprland/home_manager/wofi.nix
View file

97
common/desktop_environment/i3/default.nix Normal file
View file

@ -0,0 +1,97 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"i3"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
with lib;
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "i3 window manager";
terminalCommand = mkOption {
type = lib.types.str;
default = "kitty";
description = "The terminal command to use.";
};
extraOptions = mkOption {
type = lib.types.attrs;
default = { };
description = "Extra options for i3 home manager configuration.";
};
};
config = lib.mkIf cfg.enable {
# Enable for all users
home-manager = {
sharedModules = [
./home_manager
];
};
services.greetd = {
enable = true;
vt = 2;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --cmd '${pkgs.dbus}/bin/dbus-run-session ${pkgs.xorg.xinit}/bin/xinit ${pkgs.i3}/bin/i3'}";
user = "greeter";
};
};
};
# Caps Lock as Escape for console/tty
console.useXkbConfig = true;
services.xserver.xkb = {
layout = "us";
options = "caps:escape";
};
# flatpaks need this TODO remove flatpaks?
xdg.portal = {
enable = true;
extraPortals = lib.mkForce [
pkgs.xdg-desktop-portal-gtk
];
config.common.default = [
"gtk"
];
};
services.xserver = {
enable = true;
# desktopManager = {
# xterm.enable = false;
# };
windowManager.i3 = {
enable = true;
extraPackages = with pkgs; [
# dmenu # application launcher most people use
# i3status # gives you the default i3 status bar
# i3blocks # if you are planning on using i3blocks over i3status
];
};
};
services.displayManager.defaultSession = "none+i3";
# programs.i3lock.enable = true; # default i3 screen locker
environment.systemPackages = with pkgs; [
xorg.xinit
xorg.setxkbmap
xorg.xset
];
};
}

6
common/desktop_environment/i3/home_manager/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }:
{
imports = [
./i3.nix
];
}

47
common/desktop_environment/i3/home_manager/i3.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
osConfig,
lib,
...
}:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"i3"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
xsession.windowManager.i3 = {
enable = true;
config = lib.attrsets.recursiveUpdate {
startup = [
{ command = "setxkbmap -layout us -option caps:escape"; }
];
modifier = "Mod4";
terminal = cfg.terminalCommand;
keybindings =
let
mod = config.xsession.windowManager.i3.config.modifier;
in
{
# Focus
"${mod}+h" = "focus left";
"${mod}+l" = "focus right";
"${mod}+k" = "focus up";
"${mod}+j" = "focus down";
# Apps
"${mod}+Return" = "exec ${cfg.terminalCommand}";
# "${mod}+space" = "exec ${cfg.menu}"; TODO
"${mod}+q" = "kill";
"${mod}+Shift+Escape" = "exit";
"${mod}+Shift+q" = "exec i3lock";
"${mod}+f" = "floating toggle";
};
# See home-manager documentation for everything you can add here.
} cfg.extraOptions;
};
}

139
common/desktop_environment/sway/default.nix Normal file
View file

@ -0,0 +1,139 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"sway"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
with lib;
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "sway (Wayland i3) desktop environment";
terminalCommand = mkOption {
type = lib.types.str;
default = "foot";
description = "The terminal command to use.";
};
extraOptions = mkOption {
type = lib.types.attrs;
default = { };
description = "Extra options for Sway configuration.";
};
swaync = {
enable = lib.mkEnableOption "Enable Sway Notification Center";
};
waybar = {
enable = lib.mkEnableOption "Enable Waybar (status bar for Sway)";
};
};
config = lib.mkIf cfg.enable {
# Enable for all users via Home Manager fragments in this module
home-manager = {
sharedModules = [ ./home_manager ];
};
services.greetd = {
enable = true;
vt = 2;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --remember-session --cmd '${pkgs.dbus}/bin/dbus-run-session ${pkgs.sway}/bin/sway'";
user = "greeter";
};
};
};
# Caps Lock as Escape for console/tty and Wayland
console.useXkbConfig = true;
services.xserver.xkb = {
layout = "us";
options = "caps:escape";
};
# Core packages and tools
environment.systemPackages = with pkgs; [
wl-clipboard
wl-clip-persist
wofi # application launcher
nemo # file manager (x11)
feh # image viewer (x11)
networkmanager
upower
brightnessctl
wireplumber
libgtop
bluez
power-profiles-daemon
grim
slurp
wf-recorder
btop
pavucontrol
];
services.blueman.enable = config.hardware.bluetooth.enable;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true; # include GTK integration env
extraPackages = with pkgs; [
xwayland # allow legacy X11 apps
];
};
xdg.portal = {
enable = true;
extraPortals = lib.mkForce [
pkgs.xdg-desktop-portal-wlr
pkgs.xdg-desktop-portal-gtk
];
config.common.default = [
"wlr"
"gtk"
];
};
hardware.graphics = {
enable = true;
# Keep defaults; Sway runs fine with mesa in system
};
# Environment variables
environment.sessionVariables = lib.mkMerge [
{
GTK_THEME = "Adwaita:dark";
XDG_SESSION_TYPE = "wayland";
XDG_CURRENT_DESKTOP = "sway";
XDG_SESSION_DESKTOP = "sway";
WLR_RENDERER = "auto";
# Tell apps to run native wayland
NIXOS_OZONE_WL = "1";
ELECTRON_OZONE_PLATFORM_HINT = "wayland";
GDK_BACKEND = "wayland,x11"; # GTK
QT_QPA_PLATFORM = "wayland;xcb"; # Qt 5/6
MOZ_ENABLE_WAYLAND = "1"; # Firefox
SDL_VIDEODRIVER = "wayland"; # SDL apps/games
CLUTTER_BACKEND = "wayland";
}
];
# Qt theming
qt = {
enable = true;
platformTheme = "gtk2";
style = "adwaita-dark";
};
};
}

0
flakes/common/hm_modules/de_sway/default.nix → common/desktop_environment/sway/home_manager/default.nix
View file

0
flakes/common/hm_modules/de_sway/polkit.nix → common/desktop_environment/sway/home_manager/polkit.nix
View file

185
common/desktop_environment/sway/home_manager/sway.nix Normal file
View file

@ -0,0 +1,185 @@
{
config,
osConfig,
lib,
...
}:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"sway"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
wayland.windowManager.sway = {
enable = true;
xwayland = true;
config = lib.mkMerge [
rec {
modifier = "Mod4"; # SUPER
terminal = cfg.terminalCommand;
menu = "wofi --show drun";
# Per-output workspace mapping (user can extend via extraOptions)
# Example (left as defaults): users can add `output HDMI-A-1 workspace 1,3,5` in extraOptions
input = {
"type:keyboard" = {
xkb_layout = "us";
xkb_options = "caps:escape";
};
"type:touchpad" = {
natural_scroll = "enabled";
tap = "enabled";
dwt = "enabled";
};
# Disable focus follows mouse to avoid accidental focus changes
# In Sway this behavior is controlled by focus_follows_mouse
};
focus = {
followMouse = "no";
# onWindowActivation = "urgent"; # don't steal focus; mark urgent instead
};
gaps = {
inner = 2;
outer = 5;
smartGaps = false;
smartBorders = "on";
};
colors = {
focused = {
background = "#444444";
border = "#555555";
childBorder = "#444444";
indicator = "#595959";
text = "#f1f1f1";
};
unfocused = {
background = "#222222";
border = "#333333";
childBorder = "#222222";
indicator = "#292d2e";
text = "#888888";
};
};
window = {
border = 1;
titlebar = false;
commands = [
# Bitwarden chrome popup as floating example from Hyprland rules
{
criteria = {
app_id = "chrome-nngceckbapebfimnlniiiahkandclblb-Default";
};
command = "floating enable";
}
{
criteria = {
app_id = "pavucontrol";
};
command = "floating enable, move position center, resize set 620 1200";
}
{
criteria = {
class = "Google-chrome";
window_role = "pop-up";
};
command = "floating enable, move position center, resize set 720 480";
}
{
criteria = {
window_role = "pop-up";
};
command = "floating enable, move position center, resize set 640 420";
}
{
criteria = {
window_role = "About";
};
command = "floating enable, move position center, resize set 640 420";
}
];
};
# Keybindings mirroring Hyprland
keybindings = {
# Apps
"${modifier}+return" = "exec ${cfg.terminalCommand}";
"${modifier}+space" = "exec pkill wofi || wofi --show drun";
"${modifier}+q" = "kill";
"${modifier}+shift+Escape" = "exit";
"${modifier}+shift+q" = "exec swaylock";
"${modifier}+f" = "floating toggle";
# Focus
"${modifier}+h" = "focus left";
"${modifier}+l" = "focus right";
"${modifier}+k" = "focus up";
"${modifier}+j" = "focus down";
# Workspaces (numbers and vim-like mirror)
"${modifier}+1" = "workspace number 1";
"${modifier}+n" = "workspace number 1";
"${modifier}+2" = "workspace number 2";
"${modifier}+m" = "workspace number 2";
"${modifier}+3" = "workspace number 3";
"${modifier}+comma" = "workspace number 3";
"${modifier}+4" = "workspace number 4";
"${modifier}+period" = "workspace number 4";
"${modifier}+5" = "workspace number 5";
"${modifier}+slash" = "workspace number 5";
"${modifier}+6" = "workspace number 6";
"${modifier}+7" = "workspace number 7";
"${modifier}+8" = "workspace number 8";
"${modifier}+9" = "workspace number 9";
"${modifier}+0" = "workspace number 10";
# Move windows
"${modifier}+shift+h" = "move left";
"${modifier}+shift+l" = "move right";
"${modifier}+shift+k" = "move up";
"${modifier}+shift+j" = "move down";
"${modifier}+shift+1" = "move container to workspace number 1";
"${modifier}+shift+n" = "move container to workspace number 1";
"${modifier}+shift+2" = "move container to workspace number 2";
"${modifier}+shift+m" = "move container to workspace number 2";
"${modifier}+shift+3" = "move container to workspace number 3";
"${modifier}+shift+comma" = "move container to workspace number 3";
"${modifier}+shift+4" = "move container to workspace number 4";
"${modifier}+shift+period" = "move container to workspace number 4";
"${modifier}+shift+5" = "move container to workspace number 5";
"${modifier}+shift+slash" = "move container to workspace number 5";
"${modifier}+shift+6" = "move container to workspace number 6";
"${modifier}+shift+7" = "move container to workspace number 7";
"${modifier}+shift+8" = "move container to workspace number 8";
"${modifier}+shift+9" = "move container to workspace number 9";
"${modifier}+shift+0" = "move container to workspace number 10";
# Mouse bindings (Mod + drag)
"${modifier}+button1" = "move";
"${modifier}+button3" = "resize";
# Screenshot
"Print" = "exec grim -g \"$(slurp)\" - | wl-copy";
};
bars = [ ]; # Use Waybar via Home Manager
startup = [
{
command = "exec sh -c 'sleep 0.01; swaymsg workspace number 7 ; sleep 0.01; swaymsg workspace number 1'";
}
{ command = "pgrep waybar >/dev/null || waybar"; }
];
}
cfg.extraOptions
];
};
}

0
flakes/common/hm_modules/de_sway/swaylock.nix → common/desktop_environment/sway/home_manager/swaylock.nix
View file

112
common/desktop_environment/sway/home_manager/swaync.nix Normal file
View file

@ -0,0 +1,112 @@
{ lib, osConfig, ... }:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"sway"
"swaync"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
config = lib.mkIf cfg.enable {
services.swaync = {
enable = true;
settings = {
ignore = [ "com.spotify.Client" ];
positionX = "right";
positionY = "top";
layer = "overlay";
control-center-layer = "top";
layer-shell = true;
cssPriority = "application";
control-center-margin-top = 0;
control-center-margin-bottom = 0;
control-center-margin-right = 0;
control-center-margin-left = 0;
notification-2fa-action = true;
notification-inline-replies = false;
notification-icon-size = 64;
notification-body-image-height = 100;
notification-body-image-width = 200;
timeout = 10;
timeout-low = 5;
timeout-critical = 0;
control-center-width = 500;
control-center-height = 600;
notification-window-width = 500;
keyboard-shortcuts = true;
image-visibility = "when-available";
transition-time = 200;
hide-on-clear = false;
hide-on-action = true;
script-fail-notify = true;
widgets = [
"inhibitors"
"title"
"dnd"
"volume"
"backlight"
"mpris"
"buttons-grid#quick"
"notifications"
];
widget-config = {
inhibitors = {
text = "Inhibitors";
button-text = "Clear All";
clear-all-button = true;
};
title = {
text = "Notifications";
clear-all-button = true;
button-text = "Clear All";
};
dnd.text = "Do Not Disturb";
mpris = {
image-size = 96;
image-radius = 12;
};
volume = {
label = "󰕾";
show-per-app = true;
};
backlight = {
label = "󰃟";
device = "intel_backlight";
};
# "buttons-grid#quick" = {
# columns = 4;
# icon-size = 20;
# actions = [
# { label = "󰐥"; tooltip = "Shutdown"; command = "confirm-action 'systemctl poweroff' 'Shutdown?'"; }
# { label = "󰜉"; tooltip = "Reboot"; command = "confirm-action 'systemctl reboot' 'Reboot?'"; }
# { label = "󰍃"; tooltip = "Logout"; command = "confirm-action 'swaymsg exit' 'Logout?'"; }
# ];
# };
};
};
style = ''
.control-center { background: #1a1b26; border: 2px solid #7dcae4; border-radius: 12px; }
.control-center-list { background: transparent; }
.control-center .notification-row:focus, .control-center .notification-row:hover { opacity: 1; background: #24283b; }
.notification { border-radius: 8px; margin: 6px 12px; box-shadow: 0 0 0 1px rgba(125,196,228,.3), 0 1px 3px 1px rgba(0,0,0,.7), 0 2px 6px 2px rgba(0,0,0,.3); padding: 0; }
.widget-title { margin: 8px; font-size: 1.5rem; color: #c0caf5; }
.widget-dnd { margin: 8px; font-size: 1.1rem; color: #c0caf5; }
.widget-dnd > switch { font-size: initial; border-radius: 8px; background: #414868; border: 1px solid #7dcae4; }
.widget-dnd > switch:checked { background: #7dcae4; }
.widget-mpris { color: #c0caf5; background: #24283b; padding: 8px; margin: 8px; border-radius: 8px; }
.widget-mpris-player { padding: 8px; margin: 8px; }
.widget-mpris-title { font-weight: bold; font-size: 1.25rem; }
.widget-mpris-subtitle { font-size: 1.1rem; color: #9ece6a; }
.widget-volume, .widget-backlight, .widget-menubar { background: #24283b; padding: 8px; margin: 8px; border-radius: 8px; color: #c0caf5; }
.widget-menubar .menu-item button { background: #1f2335; color: #c0caf5; border-radius: 8px; padding: 6px 10px; margin: 4px; border: 1px solid #2e3440; font-family: "JetBrainsMonoNL Nerd Font"; }
.widget-menubar .menu-item button:hover { background: #414868; border-color: #7dcae4; }
.topbar-buttons button { border: none; background: transparent; color: #c0caf5; font-size: 1.1rem; border-radius: 8px; margin: 0 4px; padding: 8px; }
.topbar-buttons button:hover { background: #414868; }
.topbar-buttons button:active { background: #7dcae4; color: #1a1b26; }
'';
};
};
}

0
flakes/common/hm_modules/de_sway/theme.nix → common/desktop_environment/sway/home_manager/theme.nix
View file

260
common/desktop_environment/sway/home_manager/waybar.nix Normal file
View file

@ -0,0 +1,260 @@
{ lib, osConfig, ... }:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"sway"
"waybar"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
config = lib.mkIf cfg.enable {
programs.waybar = {
enable = true;
systemd.enable = true;
settings = {
mainBar = {
layer = "top";
position = "top";
height = 28;
spacing = 6;
margin-top = 0;
margin-bottom = 0;
margin-left = 10;
margin-right = 10;
modules-left = [
"sway/workspaces"
];
modules-center = [
"clock"
"temperature"
"cpu"
"memory"
"disk"
];
modules-right = [
"battery"
"battery#bat2"
"pulseaudio"
"network"
"bluetooth"
"power-profiles-daemon"
"backlight"
"custom/notifications"
"sway/language"
"tray"
"custom/power"
];
# LEFT
"sway/workspaces" = {
format = "{icon}";
format-icons = {
"1" = "";
"2" = "";
"3" = "";
"4" = "";
"5" = "";
"6" = "";
"7" = "";
"8" = "";
"9" = "";
"10" = "";
"11" = "";
"12" = "";
"13" = "";
"14" = "";
"15" = "";
"16" = "";
"17" = "";
"18" = "";
"19" = "";
"20" = "";
};
disable-scroll = false;
};
# CENTER
clock = {
format = "{:%b %d, %H:%M}";
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
};
temperature = {
thermal-zone = 2;
hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input";
critical-threshold = 80;
format-critical = "󰔏 {temperatureC}°C";
format = "󰔏 {temperatureC}°C";
};
cpu = {
format = "󰻠 {usage}%";
tooltip = true;
on-click = "btop";
};
memory = {
format = "󰍛 {}%";
on-click = "btop";
};
disk = {
interval = 30;
format = "󰋊 {percentage_used}%";
path = "/";
on-click = "btop";
};
# RIGHT
"battery" = {
"states" = {
# "good"= 95;
"warning" = 30;
"critical" = 15;
};
"format" = "{capacity}% {icon}";
"format-full" = "{capacity}% {icon}";
"format-charging" = "{capacity}% ";
"format-plugged" = "{capacity}% ";
"format-alt" = "{time} {icon}";
# "format-good"= ""; // An empty format will hide the module
# "format-full"= "";
"format-icons" = [
""
""
""
""
""
];
};
"battery#bat2" = {
"bat" = "BAT2";
};
pulseaudio = {
format = "{icon} {volume}%";
format-bluetooth = "󰂰 {volume}%";
format-bluetooth-muted = "󰂲 ";
format-muted = "󰖁 ";
format-source = "󰍬 {volume}%";
format-source-muted = "󰍭 ";
format-icons = {
headphone = "󰋋";
hands-free = "󰂑";
headset = "󰂑";
phone = "󰏲";
portable = "󰦧";
car = "󰄋";
default = [
"󰕿"
"󰖀"
"󰕾"
];
};
scroll-step = 5;
on-click = "pavucontrol";
on-click-right = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
};
network = {
format-wifi = "󰤨 {essid} ({signalStrength}%)";
format-ethernet = "󰈀 {ipaddr}/{cidr}";
tooltip-format = "{ifname} via {gwaddr} ";
format-linked = "󰈀 {ifname} (No IP)";
format-disconnected = "󰖪 Disconnected";
# on-click = "wofi-wifi-menu";
# on-click-right = "nmcli radio wifi toggle";
};
bluetooth = {
format = "󰂯 {status}";
format-connected = "󰂱 {device_alias}";
format-connected-battery = "󰂱 {device_alias} {device_battery_percentage}%";
tooltip-format = "{controller_alias}\t{controller_address}\n\n{num_connections} connected";
tooltip-format-connected = "{controller_alias}\t{controller_address}\n\n{num_connections} connected\n\n{device_enumerate}";
tooltip-format-enumerate-connected = "{device_alias}\t{device_address}";
tooltip-format-enumerate-connected-battery = "{device_alias}\t{device_address}\t{device_battery_percentage}%";
# on-click = "wofi-bluetooth-menu";
# on-click-right = "bluetoothctl power toggle";
};
"power-profiles-daemon" = {
format = "{icon}";
"tooltip-format" = "Power profile: {profile}\nDriver: {driver}";
tooltip = true;
"format-icons" = {
default = "";
performance = "";
balanced = "";
"power-saver" = "";
};
};
backlight = {
format = "{percent}% {icon}";
"format-icons" = [
""
""
""
""
""
""
""
""
""
];
};
"custom/notifications" = {
format = "{icon} {}";
format-icons = {
notification = "";
none = "";
dnd-notification = "󰂛";
dnd-none = "󰂛";
inhibited-notification = "";
inhibited-none = "";
dnd-inhibited-notification = "󰂛";
dnd-inhibited-none = "󰂛";
};
return-type = "json";
exec-if = "which swaync-client";
exec = "swaync-client -swb";
on-click = "swaync-client -t -sw";
on-click-right = "swaync-client -d -sw";
escape = true;
tooltip = false;
};
"sway/language" = {
format = "{}";
};
"tray" = {
"spacing" = 10;
};
"custom/power" = {
format = " ";
tooltip = false;
menu = "on-click";
"menu-file" = ./waybar/power_menu.xml;
"menu-actions" = {
shutdown = "shutdown 0";
reboot = "reboot";
logout = "loginctl terminate-session $(loginctl list-sessions | grep seat0 | awk '{print $1}')";
};
};
};
};
style = builtins.readFile ./waybar/waybar.css;
};
};
}

0
flakes/common/hm_modules/de_sway/waybar/power_menu.xml → common/desktop_environment/sway/home_manager/waybar/power_menu.xml
View file

0
flakes/common/hm_modules/de_sway/waybar/waybar.css → common/desktop_environment/sway/home_manager/waybar/waybar.css
View file

0
flakes/common/hm_modules/de_sway/wofi.nix → common/desktop_environment/sway/home_manager/wofi.nix
View file

57
flakes/secrets/flake.lock → common/flake.lock generated
View file

@ -3,7 +3,7 @@
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"home-manager": "home-manager_2",
"nixpkgs": [
"ragenix",
"nixpkgs"
@ -81,6 +81,25 @@
}
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1758313341,
"narHash": "sha256-SsI6INUzWwPcRKRaxvi50RttnD9rcC4EjV+67TOEfrQ=",
"owner": "rycee",
"repo": "home-manager",
"rev": "6f656618ebc71ca82d93d306a8aecb2c5f6f2ab2",
"type": "github"
},
"original": {
"owner": "rycee",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"ragenix",
@ -102,7 +121,39 @@
"type": "github"
}
},
"nix-flatpak": {
"locked": {
"lastModified": 1739444422,
"narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177",
"type": "github"
},
"original": {
"owner": "gmodena",
"ref": "latest",
"repo": "nix-flatpak",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1753345091,
"narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@ -123,7 +174,7 @@
"agenix": "agenix",
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
@ -142,6 +193,8 @@
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nix-flatpak": "nix-flatpak",
"ragenix": "ragenix"
}
},

89
common/flake.nix Normal file
View file

@ -0,0 +1,89 @@
{
inputs = {
# NOTE if you add/change any inputs here also add them in the TOP level repo's flake.nix
home-manager.url = "github:rycee/home-manager/release-25.05";
ragenix.url = "github:yaxitech/ragenix";
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest";
# disabled for now
# hyprland.url = "github:hyprwm/Hyprland";
};
outputs =
{
home-manager,
ragenix,
nix-flatpak,
# hyprland,
...
}:
{
nixosModules = {
default =
{
config,
lib,
pkgs,
...
}:
{
imports = [
home-manager.nixosModules.default
ragenix.nixosModules.age
nix-flatpak.nixosModules.nix-flatpak
# hyprland.nixosModules.default
./_home_manager
./options.nix
./general
./boot
./desktop_environment
./users
./programs
./secrets
];
config = {
nixpkgs.overlays = [
# (final: prev: {
# wayland-protocols =
# nixpkgs-unstable.legacyPackages.${prev.stdenv.hostPlatform.system}.wayland-protocols;
# })
];
_module.args = {
inherit ragenix;
# inherit hyprland;
# hyprlandPkgs = import hyprland.inputs.nixpkgs {
# system = pkgs.stdenv.hostPlatform.system;
# config = config.nixpkgs.config or { };
# };
};
};
};
containers = {
forgejo = import ./_containers/forgejo.nix;
};
};
homeManagerModules = {
# hyprland = hyprland.homeManagerModules.default;
zsh = import ./_home_manager/mods/zsh.nix;
tmux = import ./_home_manager/mods/tmux/tmux.nix;
atuin = import ./_home_manager/mods/atuin.nix;
zoxide = import ./_home_manager/mods/zoxide.nix;
starship = import ./_home_manager/mods/starship.nix;
direnv = import ./_home_manager/mods/direnv.nix;
ssh = import ./_home_manager/mods/ssh.nix;
git = import ./_home_manager/mods/git.nix;
nix_deprecations = import ./_home_manager/mods/nix_deprecations.nix;
alacritty = import ./_home_manager/mods/alacritty.nix;
foot = import ./_home_manager/mods/foot.nix;
kitty = import ./_home_manager/mods/kitty.nix;
launcher_rofi = import ./_home_manager/mods/launcher_rofi.nix;
obs = import ./_home_manager/mods/obs.nix;
postgres = import ./_home_manager/mods/postgres.nix;
slicer = import ./_home_manager/mods/slicer.nix;
};
};
}

211
common/general/default.nix Normal file
View file

@ -0,0 +1,211 @@
{
config,
lib,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"general"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
top_cfg = config.${ccfg.custom_config_key};
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
flakeOptions = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable nix flake options";
};
unfree = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable unfree packages";
};
readWindowsDrives = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Read windows drives";
};
disableRemoteBuildsOnLio = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Disable remote builds on lio";
};
timezone = lib.mkOption {
type = lib.types.str;
default = "America/Chicago";
description = "Timezone";
};
defaultLocal = lib.mkOption {
type = lib.types.str;
default = "en_US.UTF-8";
description = "Default locale";
};
fastShutdown = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Fast shutdown";
};
enableSleep = lib.mkEnableOption (lib.mdDoc "Enable auto sleeping");
hideBootLogs = lib.mkEnableOption (lib.mdDoc "Hide boot logs on startup");
};
imports = [
./shell/common.nix
./fonts.nix
./tty_caps_esc.nix
./reporting.nix
];
config = {
# name this computer
networking = {
hostName = top_cfg.systemName;
nftables.enable = true;
nftables.flushRuleset = true;
firewall.enable = true;
};
# Enable flakes
nix.settings.experimental-features = lib.mkIf cfg.flakeOptions [
"nix-command"
"flakes"
];
# Allow unfree
nixpkgs.config.allowUnfree = cfg.unfree;
nixpkgs.config.allowUnfreePredicate = (pkg: cfg.unfree);
environment.variables = lib.mkIf cfg.unfree {
NIXPKGS_ALLOW_UNFREE = "1";
};
# allow mounting ntfs filesystems
boot.supportedFilesystems = lib.mkIf cfg.readWindowsDrives [ "ntfs" ];
# make shutdown faster for waiting
systemd.extraConfig = lib.mkIf cfg.fastShutdown ''
DefaultTimeoutStopSec=8s
'';
nix.settings = {
max-jobs = "auto";
# Fallback quickly if substituters are not available.
connect-timeout = 5;
download-attempts = 3;
download-buffer-size = 524288000; # default is 67108864, this increases to ~500MB
# The default at 10 is rarely enough.
log-lines = 50;
# Avoid disk full issues
max-free = (3000 * 1024 * 1024);
min-free = (1000 * 1024 * 1024);
# Avoid copying unnecessary stuff over SSH
builders-use-substitutes = true;
auto-optimise-store = true;
trusted-users = [
"root"
"@wheel"
];
substituters = [
"https://cache.nixos.org/"
"https://hyprland.cachix.org"
"https://cosmic.cachix.org/"
"https://nix-community.cachix.org"
];
trusted-substituters = config.nix.settings.substituters;
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
${lib.optionalString (
# TODO revisit this should it move?
config ? age && config.age ? secrets && config.age.secrets ? github_read_token
) "!include ${config.age.secrets.github_read_token.path}"}
'';
# Enable zsh
programs.zsh.enable = true;
environment.pathsToLink = [ "/share/zsh" ];
# nix helper
programs.nh = {
enable = true;
# clean.enable = true; # TODO revist does this solve my re-building issues?
clean.extraArgs = "--keep 10";
# `flake` path is set in users/default.nix for the primary user if set
};
# Remote build off home lio computer
programs.ssh.extraConfig = lib.mkIf (!cfg.disableRemoteBuildsOnLio) ''
Host lio_
PubkeyAcceptedKeyTypes ssh-ed25519
ServerAliveInterval 60
IPQoS throughput
${lib.optionalString (
config ? age && config.age ? secrets && config.age.secrets ? nix2lio
) "IdentityFile ${config.age.secrets.nix2lio.path}"}
'';
nix = {
distributedBuilds = lib.mkIf (!cfg.disableRemoteBuildsOnLio) true;
buildMachines = lib.mkIf (!cfg.disableRemoteBuildsOnLio) [
{
hostName = "lio";
system = "x86_64-linux";
protocol = "ssh-ng";
maxJobs = 32;
speedFactor = 2;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"uid-range" # Often helpful
];
mandatoryFeatures = [ ];
}
];
};
# TODO can I make this Roaming automatically somehow?
time.timeZone = cfg.timezone;
# Select internationalization properties.
i18n.defaultLocale = cfg.defaultLocal;
i18n.extraLocaleSettings = {
LC_ADDRESS = cfg.defaultLocal;
LC_IDENTIFICATION = cfg.defaultLocal;
LC_MEASUREMENT = cfg.defaultLocal;
LC_MONETARY = cfg.defaultLocal;
LC_NAME = cfg.defaultLocal;
LC_NUMERIC = cfg.defaultLocal;
LC_PAPER = cfg.defaultLocal;
LC_TELEPHONE = cfg.defaultLocal;
LC_TIME = cfg.defaultLocal;
};
# Turn off sleep
systemd.sleep.extraConfig = lib.mkIf (!cfg.enableSleep) ''
[Sleep]
AllowSuspend=no
AllowHibernation=no
AllowSuspendThenHibernate=no
AllowHybridSleep=no
'';
# Hide boot logs
boot.initrd.verbose = cfg.hideBootLogs;
boot.consoleLogLevel = lib.mkIf cfg.hideBootLogs 3;
boot.kernelParams = lib.mkIf cfg.hideBootLogs [
"quiet"
"loglevel=3"
"systemd.show_status=false"
];
};
}

59
common/general/fonts.nix Normal file
View file

@ -0,0 +1,59 @@
{
pkgs,
lib,
config,
...
}:
let
hasNewJetbrainsMono =
if builtins.hasAttr "nerd-fonts" pkgs then
builtins.hasAttr "jetbrains-mono" pkgs."nerd-fonts"
else
false;
jetbrainsMonoFont =
if hasNewJetbrainsMono then
pkgs.nerd-fonts.jetbrains-mono
else
(pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; });
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"general"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
jetbrainsMonoFont = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable jetbrains mono font";
};
japaneseFonts = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable japanese fonts";
};
};
config = {
fonts.packages =
lib.optionals cfg.jetbrainsMonoFont [
jetbrainsMonoFont
]
++ lib.optionals cfg.japaneseFonts (
with pkgs;
[
ipafont
kochi-substitute
noto-fonts-cjk-sans # Or another CJK font
]
);
fonts.fontconfig.enable = true;
};
}

80
common/general/reporting.nix Normal file
View file

@ -0,0 +1,80 @@
{
lib,
config,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"general"
"reporting"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "Reporting node info and logs to grafana";
lokiUrl = lib.mkOption {
type = lib.types.str;
default = "http://h001.net.joshuabell.xyz:3100/loki/api/v1/push";
description = "URL of the Loki instance to send logs to";
};
};
config = lib.mkIf cfg.enable {
services.prometheus.exporters.node = {
enable = true;
port = 9100;
};
# Create necessary directories with appropriate permissions
systemd.tmpfiles.rules = [
"d /tmp/positions 1777 - - -" # World-writable directory for positions file
"f /tmp/positions.yaml 0666 - - -" # World-writable positions file
];
users.groups.systemd-journal.members = [ "promtail" ];
services.promtail = {
enable = true;
extraFlags = [
"-config.expand-env=true"
];
configuration = {
server = {
http_listen_port = 9080;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml"; # Changed from /var/lib/promtail/positions.yaml
};
clients = [
{
url = cfg.lokiUrl;
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
json = false;
max_age = "12h";
path = "/var/log/journal";
labels = {
job = "systemd-journal";
host = config.networking.hostName;
};
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}
];
}
];
};
};
};
}

53
flakes/common/nix_modules/git/branch.func.sh → common/general/shell/branch.func.sh
View file

@ -175,61 +175,10 @@ branch() {
echo "Creating new worktree for branch '$branch_name' at '$wt_path'."
# Try to add or update worktree from the resolved ref. Use a fallback path if needed.
_branch__post_setup() {
local repo_dir="$1" wt_path="$2"
# Sentinel in worktree-specific git dir to avoid re-running
local git_dir sentinel
git_dir=$(git -C "$wt_path" rev-parse --git-dir 2>/dev/null || true)
sentinel="$git_dir/post-setup.done"
if [ -f "$sentinel" ]; then
return 0
fi
_branch__auto_link "$repo_dir" "$wt_path" || true
_branch__bootstrap "$repo_dir" "$wt_path" || true
: > "$sentinel" 2>/dev/null || true
}
_branch__auto_link() {
local repo_dir="$1" wt_path="$2"
local has_cfg
has_cfg=$(git -C "$repo_dir" config --get-all worktree.autolink 2>/dev/null | wc -l)
if [ "${BRANCH_AUTOLINK:-0}" -eq 1 ] || [ "$has_cfg" -gt 0 ]; then
if command -v link_ignored >/dev/null 2>&1; then
( cd "$wt_path" && link_ignored --auto --no-fzf ) || true
fi
fi
}
_branch__bootstrap() {
local repo_dir="$1" wt_path="$2"
local mode cmd
mode=$(git -C "$repo_dir" config --get worktree.bootstrap 2>/dev/null || true)
if [ -n "${BRANCH_BOOTSTRAP_CMD:-}" ]; then
cmd="$BRANCH_BOOTSTRAP_CMD"
elif [ -n "$mode" ]; then
cmd="$mode"
else
case "${BRANCH_BOOTSTRAP:-skip}" in
auto)
if [ -f "$wt_path/pnpm-lock.yaml" ]; then cmd="pnpm i --frozen-lockfile"
elif [ -f "$wt_path/yarn.lock" ]; then cmd="yarn install --frozen-lockfile || yarn install --immutable"
elif [ -f "$wt_path/package-lock.json" ]; then cmd="npm ci"
else cmd=""; fi
;;
skip|0|false) cmd="" ;;
1|true) cmd="npm ci" ;;
esac
fi
[ -z "$cmd" ] && return 0
( cd "$wt_path" && eval "$cmd" ) || true
}
if [ "$local_exists" -eq 1 ]; then
if git -C "$repo_dir" worktree add "$wt_path" "$branch_name" 2>/dev/null; then
cd "$wt_path" || return 1
_branch__maybe_set_tmux_name "$branch_name" "$prev_branch" || true
_branch__post_setup "$repo_dir" "$wt_path" || true
return 0
fi
@ -237,7 +186,6 @@ branch() {
if git -C "$repo_dir" worktree add -b "$branch_name" "$wt_path" "$branch_from" 2>/dev/null; then
cd "$wt_path" || return 1
_branch__maybe_set_tmux_name "$branch_name" "$prev_branch" || true
_branch__post_setup "$repo_dir" "$wt_path" || true
return 0
fi
fi
@ -249,7 +197,6 @@ branch() {
if git -C "$repo_dir" worktree add "$wt_path" "$branch_name" 2>/dev/null; then
cd "$wt_path" || return 1
_branch__maybe_set_tmux_name "$branch_name" "$prev_branch" || true
_branch__post_setup "$repo_dir" "$wt_path" || true
return 0
else
git -C "$repo_dir" branch -D "$branch_name" 2>/dev/null || true

0
flakes/common/nix_modules/git/branchd.func.sh → common/general/shell/branchd.func.sh
View file

73
common/general/shell/common.nix Normal file
View file

@ -0,0 +1,73 @@
{
lib,
pkgs,
...
}:
with lib;
{
config = {
environment.systemPackages = with pkgs; [
# Basics
vim
nano
wget
curl
jq
fastfetch
bat
htop
unzip
git
fzf
ripgrep
lsof
killall
hdparm
speedtest-cli
lf
];
environment.shellAliases = {
n = "nvim";
nn = "nvim --headless '+SessionDelete' +qa > /dev/null 2>&1 && nvim";
bat = "bat --theme Coldark-Dark";
cat = "bat --pager=never -p";
# TODO this may not be needed now that I am using `nh` clean mode (see /hosts/_common/configuration.nix#programs.nh)
nix-boot-clean = "find '/boot/loader/entries' -type f ! -name 'windows.conf' | head -n -4 | xargs -I {} rm {}; nix store gc; nixos-rebuild boot; echo; df";
ndr = "nix-direnv-reload";
# general unix
date_compact = "date +'%Y%m%d'";
date_short = "date +'%Y-%m-%d'";
ls = "ls --color -Gah";
ll = "ls --color -Galh";
lss = "du --max-depth=0 -h {.,}* 2>/dev/null | sort -hr";
psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep";
cl = "clear";
# git
status = "git status";
diff = "git diff";
branches = "git branch -a";
gcam = "git commit -a -m";
gcm = "git commit -m";
stashes = "git stash list";
bd = "branch default";
li = "link_ignored";
bx = "branchdel";
b = "branch";
# ripgrep
rg = "rg --no-ignore";
rgf = "rg --files --glob '!/nix/store/**' 2>/dev/null | rg";
};
environment.shellInit = lib.concatStringsSep "\n\n" [
(builtins.readFile ./common.sh)
(builtins.readFile ./tmux_helpers.sh)
(builtins.readFile ./branch.func.sh)
(builtins.readFile ./branchd.func.sh)
(builtins.readFile ./link_ignored.func.sh)
];
};
}

89
flakes/common/nix_modules/git/utils.func.sh → common/general/shell/common.sh
View file

@ -1,3 +1,70 @@
# Check if ~/.config/environment exists and source all files within it
if [ -d "$HOME/.config/environment" ]; then
for file in "$HOME/.config/environment/"*; do
if [ -r "$file" ]; then
if ! . "$file"; then
echo "Failed to source $file"
fi
fi
done
fi
# Basics
htop_psg () {
htop -p $(psg $1 | awk '{r=r s $2;s=","} END{print r}')
}
htop_pid () {
htop -p $(ps -ef | awk -v proc=$1 '$3 == proc { cnt++;if (cnt == 1) { printf "%s",$2 } else { printf ",%s",$2 } }')
}
psg_kill() {
ps aux | grep -v "grep" | grep "${1}" | awk '{print $2}' | while read -r pid; do
if [ -n "${pid}" ]; then
echo "killing ${pid}"
kill -9 "${pid}" &> /dev/null
fi
done
}
psg_terminate() {
ps aux | grep -v "grep" | grep "${1}" | awk '{print $2}' | while read -r pid; do
if [ -n "${pid}" ]; then
echo "Terminating ${pid}"
kill -15 "${pid}" &> /dev/null
fi
done
}
psg_skill() {
ps aux | grep -v "grep" | grep "${1}" | awk '{print $2}' | while read -r pid; do
if [ -n "${pid}" ]; then
echo "Killing ${pid}"
sudo kill -9 "${pid}" &> /dev/null
fi
done
}
mail_clear() {
: > /var/mail/$USER
}
speedtest_fs () {
dir=$(pwd)
drive=$(df -h ${dir} | awk 'NR==2 {print $1}')
echo Testing read speeds on drive ${drive}
sudo hdparm -Tt ${drive}
test_file=$(date +%u%m%d)
test_file="${dir}/speedtest_fs_${test_file}"
echo
echo Testing write speeds into test file: ${test_file}
dd if=/dev/zero of=${test_file} bs=8k count=10k; rm -f ${test_file}
}
speedtest_internet () {
speedtest-cli
}
# git
getdefault () {
git remote show origin | grep "HEAD branch" | sed 's/.*: //'
@ -78,7 +145,7 @@ stash() {
read -e -p "Stash label [default: $default_label]: " label
fi
label=${label:-$default_label}
git stash push -u -k -m "$label"
git stash push -m "$label"
}
pop() {
@ -105,6 +172,20 @@ delstash() {
git stash drop "$stash_ref"
}
# nix
alias nixpkgs=nixpkg
nixpkg () {
if [ $# -eq 0 ]; then
echo "Error: No arguments provided. Please specify at least one package."
return 1
fi
cmd="nix shell"
for pkg in "$@"; do
cmd="$cmd \"nixpkgs#$pkg\""
done
eval $cmd
}
# Marks some files as in "git" but they won't actually get pushed up to the git repo
# Usefull for `gintent .envrc flake.lock flake.nix` to add nix items required by flakes in a git repo that won't want flakes added
gintent() {
@ -131,3 +212,9 @@ gintent_undo() {
done
}
alias gintentnix_undo="gintent_undo .envrc flake.lock flake.nix"
# Aider
aider () {
http_proxy="" all_proxy="" https_proxy="" AZURE_API_BASE=http://100.64.0.8 AZURE_API_VERSION=2025-01-01-preview AZURE_API_KEY=1 nix run "nixpkgs#aider-chat-full" -- aider --dark-mode --no-gitignore --no-check-update --no-auto-commits --model azure/gpt-4.1-2025-04-14 $@
}

55
flakes/common/nix_modules/git/link_ignored.func.sh → common/general/shell/link_ignored.func.sh
View file

@ -1,14 +1,12 @@
link_ignored() {
local DRY_RUN=0
local USE_FZF=1
local AUTO=0
local -a PATTERNS=()
while [ $# -gt 0 ]; do
case "$1" in
--dry-run) DRY_RUN=1; shift ;;
--no-fzf) USE_FZF=0; shift ;;
--auto) AUTO=1; shift ;;
-h|--help) link_ignored_usage; return 0 ;;
--) shift; break ;;
*) PATTERNS+=("$1"); shift ;;
@ -17,16 +15,11 @@ link_ignored() {
link_ignored_usage() {
cat <<EOF
Usage: link_ignored [--dry-run] [--no-fzf] [--auto] [pattern ...]
Usage: link_ignored [--dry-run] [--no-fzf] [pattern ...]
Interactively or non-interactively create symlinks in the current worktree
for files/dirs that exist in the main repository root but are git-ignored /
untracked.
Defaults:
- If no patterns provided, tries git config worktree.autolink (multi)
- Else falls back to env LINK_IGNORED_DEFAULTS (space-separated)
- With --auto and defaults present, skips fzf and links immediately
EOF
}
@ -45,38 +38,6 @@ EOF
return 2
fi
_li_load_defaults() {
local -a cfg=()
while IFS= read -r line; do
[ -n "$line" ] && cfg+=("$line")
done < <(git -C "$repo_root" config --get-all worktree.autolink 2>/dev/null || true)
if [ ${#cfg[@]} -gt 0 ]; then
PATTERNS=("${cfg[@]}")
return 0
fi
if [ -n "${LINK_IGNORED_DEFAULTS:-}" ]; then
if [ -n "${ZSH_VERSION:-}" ]; then
eval "PATTERNS=(${=LINK_IGNORED_DEFAULTS})"
else
read -r -a PATTERNS <<< "$LINK_IGNORED_DEFAULTS"
fi
return 0
fi
return 1
}
# Try to load defaults if none provided
if [ ${#PATTERNS[@]} -eq 0 ]; then
_li_load_defaults || true
fi
# If AUTO requested and we have patterns, skip fzf
if [ $AUTO -eq 1 ] && [ ${#PATTERNS[@]} -gt 0 ]; then
USE_FZF=0
fi
local -a candidates=()
while IFS= read -r -d '' file; do
candidates+=("$file")
@ -99,18 +60,6 @@ EOF
[ "$found" -eq 0 ] && tops+=("$top")
done
# Hard-coded top-level excludes to avoid noisy build outputs
local -a EXCLUDES=(build dist)
if [ ${#tops[@]} -gt 0 ]; then
local -a tops_filtered=()
for t in "${tops[@]}"; do
local skip=0
for e in "${EXCLUDES[@]}"; do [ "$t" = "$e" ] && skip=1 && break; done
[ $skip -eq 0 ] && tops_filtered+=("$t")
done
tops=("${tops_filtered[@]}")
fi
if [ ${#tops[@]} -eq 0 ]; then
echo "No top-level ignored/untracked entries found in $repo_root"
return 0
@ -138,7 +87,7 @@ EOF
local -a chosen
if command -v fzf >/dev/null 2>&1 && [ "$USE_FZF" -eq 1 ]; then
local selected
selected=$(printf "%s\n" "${filtered[@]}" | fzf --multi --height=40% --border --prompt="Select items to link: " --preview "if [ -f '$repo_root'/{} ]; then bat --color always --paging=never --style=plain '$repo_root'/{}; else ls -la '$repo_root'/{}; fi")
selected=$(printf "%s\n" "${filtered[@]}" | fzf --multi --height=40% --border --prompt="Select files to link: " --preview "if [ -f '$repo_root'/{} ]; then bat --color always --paging=never --style=plain '$repo_root'/{}; else ls -la '$repo_root'/{}; fi")
if [ -z "$selected" ]; then
echo "No files selected." && return 0
fi

0
flakes/common/nix_modules/tmux/tmux_helpers.sh → common/general/shell/tmux_helpers.sh
View file

33
common/general/tty_caps_esc.nix Normal file
View file

@ -0,0 +1,33 @@
{
lib,
pkgs,
config,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"general"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
ttyCapsEscape = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable caps for escape key";
};
};
config = lib.mkIf cfg.ttyCapsEscape {
services.xserver.xkb.options = "caps:escape";
console = {
earlySetup = true;
packages = with pkgs; [ terminus_font ];
useXkbConfig = true; # use xkb.options in tty. (caps -> escape)
};
};
}

18
common/options.nix Normal file
View file

@ -0,0 +1,18 @@
{
config,
lib,
...
}:
let
ccfg = import ./config.nix;
cfg_path = "${ccfg.custom_config_key}";
cfg = config.${cfg_path};
in
{
options.${cfg_path} = {
systemName = lib.mkOption {
type = lib.types.str;
description = "The name of the system.";
};
};
}

43
common/programs/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ config, lib, ... }:
let
ccfg = import ../config.nix;
cfg = config.${ccfg.custom_config_key}.programs;
in
{
imports = [
./qFlipper.nix
./rustDev.nix
./uhkAgent.nix
./tailnet.nix
./ssh.nix
./docker.nix
./podman.nix
./incus.nix
./flatpaks.nix
./virt-manager.nix
];
config = {
assertions = [
(
let
enabledVirtualizers = lib.filter (x: x.enabled) [
{
name = "docker";
enabled = cfg.docker.enable;
}
{
name = "podman";
enabled = cfg.podman.enable;
}
];
in
{
assertion = lib.length enabledVirtualizers <= 1;
message =
"Only one virtualizer can be enabled at a time. Enabled: "
+ lib.concatStringsSep ", " (map (x: x.name) enabledVirtualizers);
}
)
];
};
}

36
common/programs/docker.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
lib,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"docker"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
users_cfg = config.${ccfg.custom_config_key}.users;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "docker";
};
config = lib.mkIf cfg.enable {
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
# TODO add admins?
users.extraGroups.docker.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
environment.shellAliases = {
dockerv = "docker volume";
dockeri = "docker image";
dockerc = "docker container";
};
};
}

66
common/programs/flatpaks.nix Normal file
View file

@ -0,0 +1,66 @@
{
config,
lib,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"flatpaks"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "flatpaks";
packages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "List of Flatpak package names to install.";
};
};
config = lib.mkIf cfg.enable {
services.flatpak = {
enable = true;
packages = cfg.packages;
overrides = {
global = {
Context.sockets = [
"wayland"
"x11"
];
Context.devices = [ "dri" ]; # allow GPU access if desired
Environment = {
XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons";
GTK_THEME = "Adwaita:dark";
# Force wayland as much as possible.
ELECTRON_OZONE_PLATFORM_HINT = "auto"; # or 'auto'
GTK_USE_PORTAL = "1";
OZONE_PLATFORM = "wayland";
QT_QPA_PLATFORM = "xcb"; # force XCB for Flatpaks (XWayland)
};
};
"org.signal.Signal" = {
Environment = {
SIGNAL_PASSWORD_STORE = "gnome-libsecret";
};
Context = {
sockets = [
"xfg-settings"
];
};
};
"com.google.Chrome" = {
Environment = {
CHROME_EXTRA_ARGS = "--enable-features=WaylandWindowDecorations --ozone-platform-hint=auto";
};
};
};
};
};
}

33
common/programs/incus.nix Normal file
View file

@ -0,0 +1,33 @@
{
config,
lib,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"incus"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
users_cfg = config.${ccfg.custom_config_key}.users;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "incus";
};
config = lib.mkIf cfg.enable {
virtualisation.incus = {
enable = true;
agent.enable = true;
ui.enable = true;
};
users.extraGroups.incus_admin.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
users.extraGroups.incus.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
};
}

32
common/programs/podman.nix Normal file
View file

@ -0,0 +1,32 @@
{
config,
lib,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"podman"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
users_cfg = config.${ccfg.custom_config_key}.users;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "podman";
};
config = lib.mkIf cfg.enable {
virtualisation.podman = {
enable = true;
dockerSocket.enable = true;
autoPrune.enable = true;
};
# TODO add admins?
users.extraGroups.podman.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
};
}

33
common/programs/qFlipper.nix Normal file
View file

@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"qFlipper"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "qFlipper";
};
config = lib.mkIf cfg.enable {
hardware.flipperzero.enable = true;
environment.systemPackages = with pkgs; [ qFlipper ];
services.udev.extraRules = ''
#Flipper Zero serial port
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", GROUP="users", TAG+="uaccess"
#Flipper Zero DFU
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", GROUP="users", TAG+="uaccess"
'';
};
}

53
common/programs/rustDev.nix Normal file
View file

@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"rustDev"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "rust development tools";
repl = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable the evcxr repl for `rust` command.";
};
# TODO?
# channel = lib.mkOption {
# type = lib.types.str;
# default = "stable";
# description = "The Rust release channel to use (e.g., stable, beta, nightly).";
# };
# version = lib.mkOption {
# type = lib.types.str;
# default = "latest";
# description = "The specific version of Rust to use. Use 'latest' for the latest stable release.";
# };
};
config = lib.mkIf cfg.enable {
environment.systemPackages =
with pkgs;
[
rustup
gcc
]
++ (if cfg.repl then [ pkgs.evcxr ] else [ ]);
environment.shellAliases = lib.mkIf cfg.repl {
rust = "evcxr";
};
};
}

97
common/programs/ssh.nix Normal file
View file

@ -0,0 +1,97 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"ssh"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
users_cfg = config.${ccfg.custom_config_key}.users;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "ssh";
sshPortOpen = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Open the ssh port.";
};
fail2Ban = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable fail2ban.";
};
allowPasswordLogin = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Allow root password login.";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
openssh
autossh
];
# Use fail2ban
services.fail2ban = lib.mkIf cfg.fail2Ban {
enable = true;
# Ignore my tailnet
ignoreIP = [
"100.64.0.0/10"
];
};
# Open ports in the firewall if enabled.
networking.firewall.allowedTCPPorts = lib.mkIf cfg.sshPortOpen [
22 # sshd
];
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
LogLevel = "VERBOSE";
PermitRootLogin = "yes";
PasswordAuthentication = cfg.allowPasswordLogin;
};
};
# Ensure SSH key pair generation for non-root users
systemd.services = lib.mapAttrs' (name: _: {
name = "generate_ssh_key_${name}";
value = {
description = "Generate SSH key pair for ${name}";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = name;
Type = "oneshot";
};
script = ''
#!/run/current-system/sw/bin/bash
if [ ! -f /home/${name}/.ssh/id_ed25519 ]; then
if [ -v DRY_RUN ]; then
echo "DRY_RUN is set. Would generate SSH key for ${name}.";
else
echo "Generating SSH key for ${name}.";
mkdir -p /home/${name}/.ssh;
chmod 700 /home/${name}/.ssh;
/run/current-system/sw/bin/ssh-keygen -t ed25519 -f /home/${name}/.ssh/id_ed25519 -N "";
fi
else
echo "SSH key already exists for ${name}.";
fi
'';
};
}) users_cfg.users;
};
}

53
common/programs/tailnet.nix Normal file
View file

@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"tailnet"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "enable tailnet";
useHeadscale = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to use headscale login server.";
};
enableExitNode = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable exit node.";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ tailscale ];
services.tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = if cfg.enableExitNode then "both" else "client";
authKeyFile = lib.mkIf (
config ? age && config.age ? secrets && config.age.secrets ? headscale_auth
) config.age.secrets.headscale_auth.path;
extraUpFlags =
(lib.optionals cfg.useHeadscale [
"--login-server=https://headscale.joshuabell.xyz"
])
++ (lib.optionals cfg.enableExitNode [ "--advertise-exit-node" ]);
};
networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
networking.firewall.checkReversePath = "loose";
};
}

31
common/programs/uhkAgent.nix Normal file
View file

@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"uhkAgent"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "uhk agent (ultimate hacking keyboard)";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
uhk-agent
uhk-udev-rules
];
services.udev.packages = [ pkgs.uhk-udev-rules ];
};
}

42
common/programs/virt-manager.nix Normal file
View file

@ -0,0 +1,42 @@
{
config,
lib,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"virt-manager"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
users_cfg = config.${ccfg.custom_config_key}.users;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "Enable virt manager/quemu";
users = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = builtins.attrNames users_cfg;
description = "Users to configure for virt-manager.";
};
};
config = lib.mkIf cfg.enable {
services.qemuGuest.enable = true;
services.spice-vdagentd.enable = true;
programs.virt-manager = {
enable = true;
};
virtualisation = {
libvirtd.enable = true;
spiceUSBRedirection.enable = true;
};
users.groups.libvirtd.members = cfg.users;
};
}

77
common/secrets/default.nix Normal file
View file

@ -0,0 +1,77 @@
{
config,
ragenix,
lib,
pkgs,
...
}@args:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"secrets"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
users_cfg = config.${ccfg.custom_config_key}.users;
secretsRaw = import ./secrets/secrets.nix;
systemName = lib.attrsets.getAttrFromPath [
ccfg.custom_config_key
"systemName"
] config;
authorityMarker = "authority";
# Key matches this host if its trailing comment contains "@<host>"
matchesThisSystem = key: lib.strings.hasInfix "@${systemName}" key;
# Key is the authority key if its comment contains the marker string
matchesAuthority = key: lib.strings.hasInfix authorityMarker key;
keepSecret =
attrs:
let
keys = attrs.publicKeys or [ ];
in
lib.any (k: matchesThisSystem k) keys;
# Any secrets that should be world-readable even after auto-import
worldReadable = [
"zitadel_master_key"
"openwebui_env"
"vaultwarden_env"
];
# Keep only secrets intended for this host (or that include the authority key)
filteredSecrets = lib.attrsets.filterAttrs (_name: attrs: keepSecret attrs) secretsRaw;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "secrets";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [
ragenix.packages.${pkgs.system}.default
pkgs.rage
];
age = {
secrets = lib.attrsets.mapAttrs' (
name: _attrs:
let
base = lib.removeSuffix ".age" name;
in
lib.nameValuePair base (
{
file = ./. + "/secrets/${name}";
owner = users_cfg.primary;
}
// lib.optionalAttrs (lib.elem base worldReadable) {
mode = "444";
}
)
) filteredSecrets;
};
};
}

42
common/secrets/secrets/github_read_token.age Normal file
View file

@ -0,0 +1,42 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBJRmpU
K2tCT1RTNzBhQlNzSHlIZDB4UFNCRDhiY1puVHQxN0QzSDNIbWhFCkdPVTFLYUcv
MW1FMnUyVG9xVE5KaVJQWlhFYmtaeGl2RGYyWWhtbEtTTFEKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIDBNalFocUZXRkZxMU10L1pWN1I5eUlGWXlrMVNLazR5RExycnZJ
K3BsaDQKVlZCUjRNL1hvMXFjRkd1VGVZNUp3ZnZBdW1qMEFpY3ZhYWFacmlZZEFa
SQotPiBzc2gtZWQyNTUxOSBTcENqQlEgSWRpT3BZZ0pHOWZjWkszZVg3OEZaZld5
d2hOdXpYZ2tXVThMb0FTK2ZEQQpKY2xXT1dDeEp1LzlDcnoreVNvSHdCL2dDVFVs
bUUwQlU4Y3pXV0F1S3RNCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBrMFJOd0xrcGp4
TkpxTW1DZWUxc1BQVTc3S05scHEzQ2hVT1I3bWhQVnlZCkVZQ0dZMm82VG81Yzda
MUpmWjZRUUx3NVBwVTlUZmtaS2JJem5ETkR6eVUKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIGhoSVhmVVNlc0toR1pBemk5WGp4R0NYdFF0dWFjVlpVcWRQT0hIUlNhazAK
czdFNlIydWFYSnBuTXNBQXE3eTZtUTBpUUJrdFFZMUZldFh4TXpVWEswSQotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgYXp5MElHS04vVlV2b1RoU3RRUTRCeFlHWjRLajFt
L01Pdi83YnRjNndWTQpFVDk2djEyVFVaUHQyTGliZDRFM0Y0Vi96STFJR0Nqa1hn
a2VYVFhzelNnCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBET2dPUk5rYm9wVHczaE0w
L2hpa0F3emZqNDBxR2c1OUVVNnBNeVc1SzBRCmhIWmFKTnl2TFFBRUpyejhEMFBj
cVR6RkZHS3lpZzd6MzgrQml5QXpWdjAKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIFVk
cE1YSS9rdzBsTk0xNGtlRjJSV2llNVhYOUsvdVVFam1wUU82czNTUlkKQTdLcFdk
akErdWRrUXZET1hjL2J4UFJzdkNFVTlEUWJFWTFaczQ1VmxDNAotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgQVNMandOOVFiN2xuQTd2MC9UUmt2MVg2YUlzcHBHaEJBWG1E
Y0srMU9UYwpGQnh6L09qY2JvL0tqcGNnWldkWUVzRHk1QVJvN1N0YlRVNCtlMlV6
MUNVCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBJR0RzZWpCNHNHcXBhQVErVUwxcG9t
K0M5RSt0M2R6SFpwYzB5MXZFQVM4Cll2NmJrQkMwNkFGbWM2bHJ2THhNbG9XS0dk
cmEzWUFCdXBLS1dyNWh0aU0KLT4gc3NoLWVkMjU1MTkgWmUxTXdRIElaN2h2aHRO
bDRtNUlrMlNmOWVSYlpvR2VVeWRxL25vMnFjVUVmc215ejAKVlBmcTFtN3BUZXJx
eUg0eXY2S3V0ZklGNzFnK09yRUJacnZYUllkUzF0bwotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgU1J3VG1lVDlCNmNVZ2hZbXI4ZDhZdE9jYnNkNHpQclpqQmdGcFhuYTBI
RQpkMnhjZlYrWjBPZVk0UGt5UEZmQzZoOUxSVG8zMVl6MlZCT1JneWJuWVdnCi0+
IHNzaC1lZDI1NTE5IDl2LzJIQSA5RldGVWx4aU9ZVUNQdlJTRUVqbS9CajlnTEdR
NFlCZnEwSy9rRGNIM1RRCkxKN2FUQTBVbVA5SnVZSDlGcXFKL0M1NGhONFhLamF3
Z0VNZ1VSSEFKSlkKLT4gc3NoLWVkMjU1MTkga0hrMmdBIElkSFNJWnZ3WFA3V1J0
aFNqN0RTQUEvNkRkeHI5QkR3K0RuQ2NnZTFQU1UKb0dKd3gyYWdPd0NyUEZDWUhB
eUdaZzIzWEtkNGdUZzZScWpOUzN6K2dCTQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
eGNINUY0UElXbUQvUklPY2c1S1A4OXh0UWRsTjFGUTg3dW9BM0dyTVgwNApyN3pV
eHhUSnAxZ1ZpdmUva0lScWJxNGFWZDRMdm8zd09kay9ORXdOVkljCi0+IDMtZ3Jl
YXNlCldFN1JnNGM4Vmh1dE5wZUNGOC9NdktlSEFnCi0tLSByVzE2ZHZSdXRxQTZN
SjRTNlRtUHlRL2JPS1Yxd1lnalFFUGlWR1lKTjZvCgfzY9S+Cm6zaEAcrAr3fsev
9enyx9OmVTIIZltr52uqCYbWcsuCkDjHtwR3NXiSQB2HWhNe38l4l2K1+HGcoS7i
2TMD7o9Jx6QoWLHgmrn/zXL/VKyOj5a7P530AMzdqcgJ4U8641VN0W7L9u1Cw5EB
Ujzb1rKthf+txuP04aWYit69ZBdH7r+VkOGghXngwvBapwFF8AGUug==
-----END AGE ENCRYPTED FILE-----

40
common/secrets/secrets/headscale_auth.age Normal file
View file

@ -0,0 +1,40 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBvbGZC
ZFZWZ2ZPWUlNdEZCSXBuYThubHpiNkFzb3Jldlh1QlF0UTZ0NHlZCjlHSTVrekQw
MDBsaU56Yk9IQVZaQWJDMVNoUWFlQmpJV2gyTXBXNEhNdDQKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIDU0eDdqTStiUUlCUUcrYWhDWVRSQmxPNEIySk9NallHaVdNVFg5
YXNPa1kKQ25PNGxjc1hid25Nd2R5RCttbHN1ci84T1pmQ0ZkNDM0R3FLbGdHRnRm
OAotPiBzc2gtZWQyNTUxOSBTcENqQlEgNjR5WkE4eUQrUGk1NHFMY3BjclZKWkd2
TVd1QVNoVm96QkcwcHZmdG16dwpRQjY2V3dOOGo3VlJ5aTNLS0NqUVJ3VHNTWC8x
V05kbm5yQ3F0MWNFM2ZJCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBFeDIrUWEyYjVw
QUdjSlBWQ0Y2N01uL3hxTWJiNkdCVkM3UTBZbDhBZWhNCnRraHhUb2NEMzJWbWl5
SjJEenN0VjJCWlM3TXEyREN0ZysxSG9Rak9hMVUKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIGxYRDJta0x6QnNkTXJnQmZwWFlRL0wrNS9EUS9TVDJMRFhZWDBUKzRWaWcK
VXlwL01IYTdTTTY4Zk1FOHBMc3E4ck1DZHp6aHhEaXFBWFN3SGErcjhmUQotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgVUozU1kvVVJsZ0F2Nnk4bmZnUUNyTU8rM1FCRjFY
bWVBZWNNUFZIcFQyTQpzK0Z1SXVFQWhFSnp0UGs0RHJIQlZrUUtlY0ZFTjdwSTZS
MXhjSTNpOHNnCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBvQkd5UlNUakhGY0dkRFly
SU4vM3A1Sm5xNnhIZm5PUjR5WFNLZ1ZmL21NCk00M3k0RnNjL2dkRVd6MmdGSW1G
aGt1dmwxN0VTQm1zeklDN2MzRmFqSUUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIFBQ
TGdvVjdEaEJDQ1FxbjhTOVdZTVdjLzJhc3lwdy83UHNyOWJPNk5ZRjQKMTdNemRQ
L1h6Tk1EVTdZcnFPRVdEZjhnU21hLzcrWk0zS05YSTV3ZGJQNAotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgTFcyc05mMnNVdWFDQWZUMGN6OWNZeGkrWlMyakV5RVhHaFJw
bmxiZ0lrYwozcit3dU84L0lVU0JXbVN3YnJoK0NPOUZKS3EvSkNPQ3FCWWhYZnhx
azhFCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBNWWJtTlVQTUo1SFh4b1Q4Vk8vUHdG
V0xLWjRXdVZxVVl0L2JMeTBrdWxJCmJvNGJ5Q0JUR0g4Q0pISmxTVll0OHl2dTFJ
dlNtR1A2aGVTUEZRMU5Hc1kKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIFkxendRYm0y
aEc5dTAwQy9pLzBrbUpVVlpFbnlDdlI4bGh0Zy9oMmtVWHcKNDZuaTBDV1o5MXFV
NlBLVzlqc0ZzOUdMT3c2SmRYV3hVd044bzZoenFqVQotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgQ3VDSnNLMHc4N0dCQ0NOY0lscStpeHlKdXA2UGpqRVhjNDVzV0NCQUx3
VQpkeU9FOE13bFlaQ0ErWlBFZ0VWWTVZZElQdEg5UFo1SVRSeEhqRnk2NEtFCi0+
IHNzaC1lZDI1NTE5IDl2LzJIQSBaREtQS2ZsSmxSQml0bkZzd0prUXdvdkhBZzhY
VkNRZWZqdVNvODIxMDNNCkJVMWZUc0o5Q0g0Yi95czFaVkhwejh0QW5HcXZ1Tmdl
bWFKSUhITkxFYlUKLT4gc3NoLWVkMjU1MTkga0hrMmdBIGlNcjZMWEdjdHNpNWNl
ZzlrNklvVklXM0tDMGVnRWhuL3BYV3dMa1U2ajQKd2owZXUxSGlIVUI3cFRxbjA3
eWFhZXVudlBpQnRMTEVwZXhSSFgyOEsvSQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
OXR4MFc0eDZQQ1IwclIxYm9kYk1DSkZBZ1RDMm4wYlEyb1VrRTBaNmpWNApwY1pu
RE9VTU9Mbm9Ea0twcnBNRUc5ZjdzYXRyRmw0MlVHZDZmTVVLZFBrCi0+IHwqflMt
Z3JlYXNlCgotLS0gNWpFR3lvdmVsN1V2WG01aHN2VjVUeDZORzRpRDZGK0RWTFRM
SytLcVZYZwrYTHZo/oozQZasJAFNVb3ZrSAjREvZzRRyz6Mj71Pj2H+dbFz9sZ+c
+B4DEN/4xfhm5FUsU2w8VCQ/E+186igURD2AyhUZxNFFVPUPJKUM9rY=
-----END AGE ENCRYPTED FILE-----

50
common/secrets/secrets/nix2bitbucket.age Normal file
View file

@ -0,0 +1,50 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USAxNHJi
QjBYYnZsZTl1OXRwUDRXSGx4MmJOdzhHZXY2NUlaQ0hocFdlV240Ckw4U0FNSGFt
SmF1aW5mM0lseFZDUDR1ZkgyRFdkbHYrUHdITWUxanBrWHcKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIC9vS1U5ajZ1MS9sdFZZbWs0cmlvc1VQRVNLZUxiQkRrS0xtWWx3
LzMxQm8KdmU2V0pqZnNMajc4SVk5Skhnd0VQTmViMERIMWtqMEcrUGpHTXkzMGk0
QQotPiBzc2gtZWQyNTUxOSBTcENqQlEgS0FzbGFCY2xtQjdlQ3p4UjJjUVdNRGsv
ekwvcWhEK2o1OFkzYW1zMy94ZwpSQTlwRVlKb2x3SlR2QkEwSFlhRi81bGRObWhw
OU9pdVBJcWRyZm8xQWpnCi0+IHNzaC1lZDI1NTE5IEJZS0crdyA5ZGMrR0xRcXJz
STlKbGhEYkdOYlYzZHBmZkJHUTVYSndEZk1ab09Pb25vCmJWVDZCYmVTSW5nRTVX
YzFHTnRMeGt5WE1Ydk0vZ3l3K0NhckwzbU5kN2MKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIHlJZG02U1JaZkVxVnhSc2VVZ21sdmJlMUh6eWhhK05lSkhES2J0L3JEUUUK
K3FacHVNbEIvWk5QQTV5RHpOU0tpYitJek96YjF1a2o3dTJmTnZya3lpSQotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgUmcyWU94VEI0Vm1vUnpBWW9ieTYvQjFBM0hyY0ZU
QWZoaUFmSTRlTEFIZwpINEFkeFJnVVNINWlBaS9UK0V5aExoMnY0TDVjSFdITEJi
dzFpdm9wRGJBCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSB0MVR0bE9tMEw2bzc0SHpY
N0JFWXFDbFJ3M3Rab2VtQUlLeUNUU2l1aTBNClNPTGpSTnFGeXpBcStjdnlmWllx
K20wdUVVVlZnb1FJbEdlQXVTWWpudDgKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIDF0
ZFlkaTNOMVNsV29rREJpaUdXSnFuQTlyd3pyM2I2bUtPL0ErUm9wR3MKenNsdEhl
TDVjSmdQSXR4S1ZWR285RTF1T0hhNEg2TFZCUXAraFkzdXo3awotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgVVNrblluWm1Dck1yelpURWZoeVFjaUJFaXdkZldOcCtFVzJQ
ajZUTmVsUQoyUmI4Tmttc21HemZDTmdERFhxZXlpdG1RVStiems5cVNaQWNIM3dv
RlI0Ci0+IHNzaC1lZDI1NTE5IDVhZHFNZyAvS3AwTW1kaUtlQnpjaXByQU1uRVM5
RDgzMVhBSFRWSVdwczhxVXdUWDBFCnBDNjEzU3BUcCtRM2tDUVRBb0Jqd1pkK0Zo
WWJEb2gzaUlPTGRsZVlzZ0EKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHRnQndCVU9J
ZlQrdi81b2J2cmNzdXR6NHI0bW9LaHJqRlprTWZJM1RiRm8KSmpVQjF2U3BuVWVz
Y2orSlc2dUYrQWRYSHFPb0JRZloxZHo1KzduQkJycwotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgVG9LQnRwemt5T2VSVFBVK21acngxMHRDNDNxQlFxZU92NzRuK2U2aUwy
OApXamtRUENLSVBBM2ZmSVNtWkh1TW41dEQrRkNYQndBcUlOQnU2Ky9BMzA4Ci0+
IHNzaC1lZDI1NTE5IDl2LzJIQSBveE5LTWhRZEhzeHBQVmo4amNBTzlHWlFVYURx
T3plT0lPaEpsb2F0RWhVCmh3aCtsU21zV0pYQzNmU3VqUXhhOHlYVEhsWDN1eHpD
UjRjVkEyTVhrVjAKLT4gc3NoLWVkMjU1MTkga0hrMmdBIDNMWEtrbWh1SWRwVUc0
Vm9uYlcvK01xcEdSWkZuZzl4eng3NjlwRXNPamcKYlArYXkxYlMybTE0UnhvempS
bmlncUJtWjVZMWdHY3VvTHNvdExib2lzYwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
ZnJtVEdzL1RFK3M3TGFpVGo1Mi9aN1pLRS9TajQ1MlNqODVad1M4ZDh3cwpVSWpy
elZlT2dWTmhFaWJFUVFXWU5pT0dlam1jU0R2di9TUzVjUlY5b0RnCi0+IEJ6cnpI
NVktZ3JlYXNlID1YU3I8WkNjClRpZ2dHWkJIaVZVVkNwY1JwOFg2bTdzTnJBRjRs
SytLdFUyRldoTlpHSkRPY1ZQODRYY3RiVS9VNWtPeXBIc0MKeEdJY3UvTWdEZTVa
RXNvCi0tLSBLcUNEU1JhQnRCK0RMS1F3VEt1Ykl2MkhROG02NmY5bjVIem1JeWdQ
TXZnChn2UP3yo7fmH9JimBCsA8X6WLurks8pKMf5lb/yh92Uj+mbIz5R07Fpq0aC
nLa9VhNeQU4nYkotJUVPRGhBlh7xaVRoeaRfRy8n34TKNU+PQUFz6gv0OHkMDOKh
B3Z73OAJGaFAX1Q1SlM96ejHVMRdr8SNQao9QJvZq9EXyrejV1L8oS7cKHObfkEi
ylUPlNsH375zQ+rizYqO3jLBGNXpK3RTOX/3xadbAeccyBLrSaoE+eQi2nba2fSb
iLd6xNtltmDy4AzRwpmMPpD2EUlTV7iBCBlstK6v7k+VOAyH0PGIXTVUlHs8VORI
PHx8boVaGNn1b3XSD3CTflCRHxo7gSfXzcDEnfIbPsz97Z8GdQmV6fqIoWyWS3ZM
DFYdS7VBuKA7lUy9fu+UbP6OFjTu05rg35OcM6uzF6U4TVbKrGzaeyZzrokcXCbo
LNYJaI0FY+/bznL8/YqU/EJsAzgSZLApIzo3wLJhd6YK9Si17Lgf5N8sfUvHN8ax
naRZp7SlPmmzyhO82KwI8FXM7E+0mZ3CjfiEUmq9dz2plRGJaWCdMJ/SUv9EcTvG
Z/Uo
-----END AGE ENCRYPTED FILE-----

49
common/secrets/secrets/nix2gitforgejo.age Normal file
View file

@ -0,0 +1,49 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBtRTlJ
RHRaRVFZZ2Y2Uzl5dEZXSnplMlpYdy9UVVdvb0dSVFNGd25rcHhNCmp3ZHFneUJU
eW1PaGlncUdmVHNWblQvbkVxUDJpQ2p2OFJFVGtNb0pZcXMKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIGdJOTRGVktSY21ob0JKam8zaDN0bkhIQjNieTVEcFl3aVBpSjhw
Nk9OSGsKVENrTkd4cmdaUnE2VWR4SU1ySWdvZGo3VnMxTFo2dklwSTFieUwycTdr
RQotPiBzc2gtZWQyNTUxOSBTcENqQlEgU0plOWVNNTNNTkxhSVN6ai92aTd6RFJ2
WjFRMzdJUjAvbDN6MHVOMTNncwp3bVREblZMUE12WEVaOGpLVDBYZHdILzQ2UVBI
V3MwTTFwb2dwcDMxSFBnCi0+IHNzaC1lZDI1NTE5IEJZS0crdyA2L0NONmxjcGFr
T0xaRnhHQ0FFVVlseUtKcWJZbi9ISlZIclVOdTRNRDJBCitWRDBvQXdackV6QTRu
S1FPeXdLZGpvbjhBYllVY0UvZ3JEWWQvMHNOS0UKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIG9XOEhybjJFclFKWEhQeDlrY0xVRHZOcHQrK2RWa0hsZTc0eU1qRWlNMTAK
cnpLdGRDejAraERuNnVlZDBVV202TmdlSVREMVlPWFhpckdPY3Q4OTY0UQotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgQWk4Q25xSFZSbHo1NDJ5VnJWcVN5L2NIQi9SQVJ2
aWtWSHR6azk3QmhEYwpXQUtjb1JZSHNuOFZHWFZYcy9HdktJVGpvQ2xuQXU1Sndi
YlRWYWhiVmd3Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBOZWtBQ2NDVmViYm9uZ2hu
akhMVzNlQ0hiNWEybVE0dTFwWGRpMlZGZlZJCkJncE1nTlZTaEl2dW90bERnQUhO
SWd5dzhYa2RMRVRFYS9rdkdEVTZIcVkKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHNi
OVZVblBBdVFuVE4xVGt1UzlMNDVtWGdBakVJaDVjanhmYWVPV3RXRjgKYTBOREpS
bVowSHlySFg1QWJFK0pPdnZJS0VQcjdXdERRbmdsOUFTeldMdwotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgdWY5U1BNTndYYWwveCtjeUxHOERGTEhMMXlSSEpyV0gva2pw
ZHNzSTRsMApQSm5BUmdMODZ2YmVaaFNxQVFaYk5KWFVEOVoyQjBQQzBxM2kwZEl6
eXJjCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBVbG9ONlVPbW1QNmxENGJERGs1VEJU
Q0FhMlowVlZVVG8veG5tUWt2T0VJClJPZUY1T00vZitSRmdhWklrY202ci9yRG9M
RDRiTGpKWis5ditDVjJIRmcKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIE1SY3pidWpw
TmVNbEV0ZXQwTDkzdEtkbVIwd1BrSG10UVhBRUY5VUt2eXcKSCs2VEc1VXhXWXBY
UHdRVFVtaGJUK2tBWWYvQTk5V1dEcDVReFJ6WkNJdwotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgVE51VHdqeEF5ckRqTUVGWGw5SGtkRGJCd0xoZzdNbDRUajZPdThCQk8y
cwprTW9tU2Z5d1RVRWNkR2M0WWNCRTRwb2VWcDNQdHFCWDBHZDhINUduN0djCi0+
IHNzaC1lZDI1NTE5IDl2LzJIQSBOZlB6aHRWRmthWkpuekNza2tBUzRiNGFkSTUv
WVRNRGFKZXZ1Sm0rUDJvCjV1dzlyTFZxYndvZ3BKNGU0K0hwK2VhSmNYcmFHZk41
RTlscS9uODR0R0UKLT4gc3NoLWVkMjU1MTkga0hrMmdBIC9sLzYvYnVpenRFUlZO
cTVmVnBpLzIwNlJrU0xYOEhKWStkOGRDU0dkVFUKbjlVQTlsRnBCci9ucUNMNkJC
WWpueFlqclA4YVc3RVpXeWZDQ25mWEE5YwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
bjJNa0RIcGZWdkxCUnBsU0p4L3lwUDdia3Q4L0Y3cllYVGJuQ3pZcjV3UQo5SGxu
SlQ0cFVOM3ZRZ3l0SkdVdk5vY0NLcVUrRXJ3SU5SekxaM1NWYy9NCi0+IEdTTEFp
OSF6LWdyZWFzZSAoJmR3Vi4gU3A/ICNuLSA7Ck9ZSjhhci9nVjl1L2dIR0twUm1i
NzRSOU1DM2Rwa3RsYnp4ZQotLS0gRGVpRXZiS2Vlc25HN1M2M0kxbUo0Uyt6OHgr
Q2loS1MwVzB3Uk9mcTd3MAr1KliXDwBENE5rxqhvy1XX1d59XdiWeqCepnPm78ET
YbVM6FN9H6UBwiwClc+os59UY1lxNyjvefVOfW4V0Jpo2f2aFWdsJxoJWSdomKzG
N2wQ4Yq8ESeuz4g7pwxWB3RsTr0w6Rnzuf7D4Syg9rpX1pqVinFhLOki1aK3ZIdk
tqhjkKFgWQbBM/6540W14uw1fPTIcdX8v5KHbTc9XyNA2MHamFc1GooYduqL6Ylr
ij3hM7/z+TdXxGu3+kqs3Yh5MFd+ePB+LFgAqiW3gv9nD5RmH3s/x8Oip+RLpoTw
7fwo8wgHByoDK6gz2SAOZ2Q/Px5YBqivleT0oVdrd/quLN5lU2aQt3OANTxzF+bP
DaAWwv/7pTaLB7lyqCTSw+C+UmgVXmnOi2MO7ex3tImNzwGVQfZG9mc5k13ltwsq
uxC3T9l8+fuo4iFUwCXfXlm3ZmcIcpjYE6rOlV4Y2EdmwwvwRhMljWf2OfNHlq4e
hLtKvsHf7+pMAX0ZsZMig6KH09V/RtGUr9KBWVG8CABPnPJBIzlGZPJdmO+G5eAx
cEUUkJzlcSCF6SDo1zG7QcT7vRSX4FjvOY579w==
-----END AGE ENCRYPTED FILE-----

49
common/secrets/secrets/nix2github.age Normal file
View file

@ -0,0 +1,49 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBYU2N0
a1MzODQzb2JUbjJyQ0xTbUxlbjhJOExjNm1JOFd6bDNNZEp1TlJ3CktCUXFwWTJ0
cUZVUldoRStJRHc2cjdwa0szQ0VPZTBsV0NiK2ZmQUQybW8KLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIEk0R0lSUitzVkRQb2hQamt3cGdQK1ptYXVkUkdXb2w2N3VsY3hY
emdNM0kKYXhod0FVMzJ4dFRCZXZBQTBJcFc0RWRsZUdqV1FkSldkVHFnbU50VlNx
TQotPiBzc2gtZWQyNTUxOSBTcENqQlEgaG5Fc0VOUHdJWlFsRGtOSEwxM2RHZHdh
anVJZWlOZ2dBRStmRkc5WU5nTQpiQzRwMnBIVHJoQldJeEdrOGVha1phbGRKZGZW
SGZiWUV3Rk5XdGxUZjFvCi0+IHNzaC1lZDI1NTE5IEJZS0crdyAzN1A4amFYM3Jt
UDNidlBaRDdpSTNLb1dmTDY5VDArc24yUWcwVGwrenpnCmoxVnlEMTFlZFhEeE92
ZHJaeFJCY25sWTM4NWFnQlhpbCtodWZyeTVoaVkKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIENONGFuM2ViOHRGa1gzQS93a1RTaXkwVFlYd0tadG1nOFhra0VHa0Jua0EK
OElXcXgxd0FuVys4eUZwSXA2eCthRFNRTWpmSDFLU0FqSVlCUDJSNVJCOAotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgOUtUeUFubGN2RUp3eGM4d1J3ejFaSXdaeWg4MnBu
VVNmUE9VRzdUNThtYwpVazRGNS9GMytrOGdBSVJhcWJ3TDNDUWVOMHFBd216a3dB
UkJmNmpSSkZNCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBFaUVFcE1aVnNrekwrZjdN
L2ZYZ0JreGRRM3FkYnFzdlViVk0zajE3ZFVRCjA0OUlLczBmaEJMMC9EU0k1K1Vq
Wmk4eC9wbXdvWG5UTlNMYlBiSTN2RVUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHdI
RHY3U0VuekdYOS9FUVhBQlVtUlNQTDg1dEt3TnFzVzMwOTgyQktEeWsKRC9TUnJJ
cytpaTRGMm5wcXFuSE5ReU9seGFUWlBSa2FxbHQ3eE9Idmc0YwotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgTmp6SnhHV09BbzczdmVoaCtnOFdYaHorNWpmSDQwVmtJVFFx
Z2FTTnZWVQpnK0lTem9uTE9BZ3FqdVJ5YThmZ3o5RjlZNlhTUW5Zc1NsM2FBa1gx
RGdFCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyB4ME5DK1BQUVFLcU1tYVZadG9hRVlM
WGFnd2lIVVNXSTNkZnhIaDNNSUY0CnpiUEZKeTVHTkFyYUdaeU4rWE54RmIxVjhC
NVkvQURrY1N6b0doN3MrYXcKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIFZraHhvbndT
c085d1BFeXE5bGNWcitZaTBKdVduOGtPeVFRam1aWVpyQ3MKbE92VWFqVXF4dkZo
dElDN0p5S0xXemplSzFWUlJaZ2M3Uzl4UlhmOHllUQotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgbndmTFpuR3o5QzZsZzVBMzBnUlU5UGFoNFIrc1dYUmdCdHhYa1N6d2JG
awo5amhkT0p3YytiRmFLc05GRU1hL3FMbEppd1Vpd0xCbXE2T0dLanpTQ1pnCi0+
IHNzaC1lZDI1NTE5IDl2LzJIQSBUQ3c1Rm52cjl6ZzhQNTQ5R2NEWTlWUlVNWVJ3
VndHUmg4eWIzNERGZWxRCkNRZk43YWUvc05nYWtFYVlZNjBQbnNhK3RXTjZJMkU1
OG1hcUtoUDQyUjAKLT4gc3NoLWVkMjU1MTkga0hrMmdBIHJGTk5SYXlKZkx5cEVJ
dUJQTVNkUWVkVCthU1c0eDMvbGJWN0dKU1dSeU0KYUVQMTFSNVNnZEFxV09UVHJm
VDhMcElMZ2NRQWVKSXJITU53NlZwK2dPWQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
YVgyMDhXL0RsaEFxSUhGTVh6c1BUeFgrd0lMUDg3blk0a2pocVJMbVZnRQpBb1hJ
c3pBOFRXMG9kTEt1Q1IvZW5GR0F6UTNLU3J6QmxGWGljT1pzb0NBCi0+IHN8OGhP
LTVaLWdyZWFzZSBKcTpVVyAvQlZYawp6bHZOYWpabVJhN3BNVEpQbDRWbUh1c3BP
UXlsSzJWdUdPMHpuWmF2QjNQd0ltUQotLS0gemVvbWt5LzErUlpmZXFxQmpMZFVq
czhiSVBFQVBVVFo2Q2hiaXNWQ1Zwcwrm4hQtiHjacGXqxDf8QBf6AdsiCFad+cAu
RA/fKJMnq8zc6NUDkvEAxrWxFLpLD9amqaxgh5889mWstPGaeCQEcWfjO7jl2jsM
duZsH2rtqfsaoWI1tsUiVKGtgprkI1TBwbtFYQ/aC+1AzOP4rnmuu4T/kIDbP+rn
SlILVnc458dAsDIUO0vYzNhy7z6oG0Nf6TnPehPocIakRXoLSN0d7fYmC5GDD+8m
v0ucVjpVlyXCyOHbl6COgLmz0HglXaQba+K1ZFWJJXwB3Ej/wYaS6r5rChe9RKJJ
tlCCDfOmUC1BgNH2PbPsaDwVmPe5itsAoJrzvq2mR5ho6kTX0dAPnu6A50G2TkTq
7OtmvcjVarHKO5mRLSaGKgBnxcdI9MPvKdLKb79mBgmp7lWbKqOfQL8W+mfdxWjI
F6DEPQ478W7QF5tIWYlHsDS4R7hKr7DPBxGLZEhKUYl6UJd8BietDQ+Pti19uoiC
1qwFIGoKGteEsW5HHfvxdp1hdboVoOh/MzwpksNqMOZIhS2aAr2EKQsUBB5TLL+v
JdEKGcLiRuxqa/6mVuEw2iqUfSBK+A==
-----END AGE ENCRYPTED FILE-----

50
common/secrets/secrets/nix2gitjosh.age Normal file
View file

@ -0,0 +1,50 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBXQXoz
bGYwc2NqNDBVYzVkeGxldnJxbjZ6elgxUmFoMFhuK0pvTTRLWkhBCmx4RUxONTYw
VXZGZUtQcnFaRXhuODNQQjhCRmFtOG1TQzQ5Qk5ua0RNQ1UKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIHgyQjZBUjVNMTV6cG9LNE5NSFBMc0xid01PQUEyeVd1ZnBEaUVM
Rjh4bncKVHpqQ09XVk5od2F1MW1namloTUVMaEpuamlZcWIxRmsyRVIzV0RYZGxL
awotPiBzc2gtZWQyNTUxOSBTcENqQlEgN2s0Zmx1YjEvMlIzdElmeTcycEpNcHNJ
UUM4RzBaZWJEYTNUK29vOEdHMApkKy9SSk5PT3ZaQXQ1UGFCUFFvVE95V0tBZk5v
UlR1M2tEYWtMK1hSU09JCi0+IHNzaC1lZDI1NTE5IEJZS0crdyA2YzQzQ1J1L1JG
MXFjbzE5eUhnZDBjNTJGOEZwOGwzSmsyRUZhQzhtakFFCjVQYzM3VlpWR1I4THd3
Ky8xOEd0UE1hVjRRS2RiVmUxbkpmdGxLR2RLcWcKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIG5ybjFTUEZ5OFhpUkpVdnZHNnZ1eWZGYnNQeFFvaVNoQ1pVaXJ0ZkNna0UK
cUx6OWtid1FRaTRLMy9EaGk0K2NKWE00UC9Ec0FsUDJCODJzNG0yYXJPTQotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgdG5DRTY0QzU4MjBXTnFWT0NiclJ5M0g3eG9HVm92
M1RIdFdidm9hVlpsTQpFZEd6QVFjY3NLOWVXeDFTdXZPenc3L284bG12V3dIVzRB
QUZ3ZmU0VldRCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBHQm9ObTBXWUh3YkRSb2VW
ZGE0aGFYM3RkbURpYlRTL3NMek5kZEpwcXprCjFHL2JIMFRKVitiamRSM3dHNzlj
ZENNZHFIOVdLS2ZOb29RU2FKd1NCWTQKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIG1z
ZGpQQ1ZDSVdLVE1EVUFRVW9RZ0QwbVJPSUtIYTcveUdBaGIwb2oxbVUKZGRQcHNB
WmJuN3B2VGVlUEJLem9ja25wSjlreXpCOEZUUnZnY3F5YXR1VQotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgTmtoYlhWL2YxZFFheEVCbWMzOFpwendzaFZsOEIvN3VzNjlZ
cXNsUUduQQpacFI5ckx4TGZPRnp1RFM0SHJlS2hLMnU3NURJcWJKTEZscEpLVU5k
MXVNCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyA4dFFyS1h2bWJFYXZFSkpaNGVkam55
RXMzSW94NXZTVy8rRHBWOGl4NVFrCktPVWI3VUhWZGZtYlNaVm8xTHZiTk9FbWZ6
OE5WYUhaTjAvQWFxWDdyQmMKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIHZYT3dNK2cx
UFpSV2dabnhIcW5HMlYzK2UzNEorQ3BaRTg3NVJwYVM3MlUKeVJqaE93N1lLdkg4
UU9VaWRpeCtWQ2V1bmkwMkJvbE56U0lXcEhMVE81WQotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgMzJUS0hEQjlNTUEveGxXdHZGVlY5ZjNrZTF1QWc4eEhiUmVsUWRBc1FV
awpkYXgwL0E2cUNvQzRCQlVHQWM0djh5RVJ0SFl2R1p5ZzlEZ2lZV2trTit3Ci0+
IHNzaC1lZDI1NTE5IDl2LzJIQSB5bDh3ZTBqWE5wNWdVczhsaXFJaXdEZXVBSzND
ajN3WlRVcmp4dW1FN1dzCkxMN0wzV3BIdHRqYXhmSzlLWE0veWJHVlNBOWFncFZ1
M0x0MWY1dmM5TlUKLT4gc3NoLWVkMjU1MTkga0hrMmdBIEpINTFDeUVTbCswN3F3
QXp4eWMzTUdPTWFGeENOWWhkTTl3WnRIdk5sRDQKWk80VFJGTW5xdkwzMDdaSGFW
ei9RTTg5SFFVRktFYUlPYjNOT1FQSklZRQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
ZVhldEpReS9jMDRzcXhrZVRhSGFCeWphQjBUU3JiUVVYZnc0d1FUNFUwYwpLenBY
YXMxREFRRjZZTHBIUUwxQVplL3J2WGszNUhXSzhZL2hDNXUvUnI0Ci0+IFUtaS1n
cmVhc2UgPnMjfCFtCjcwT2hGeVY3b0VBSTZIZkI2bEVSUzR0bzNQQUVjNkpYZTJl
a2l5b3FNbmpQQ1F3ZTNDTUE5ZmNBbmhzZE1uam8Ka3BqWEtQVEIzOUFFQlV0TUl0
QWgzU3QwdlRTWkdUWUNRRlB1Ci0tLSBaeUtEanlxcDV5Q0Uxa25hVnFiVW9KMTlw
TElTNVdoWmxlWFNsMXFlY0VzCpnuSzzkIeZRg56GdBS2gOTaXV70O7kR/9F7deO5
XJOWo7ES0V1Y3WqNHmCsWHiqHj/yKT3JYBPd5p8tPzW/uwO/4KKfqaG5xY3l01Uk
+zsFTkQh5xRP5vtQ5Q9ztTVV3hp4QLVsBLSwGHMiJyL2BGawLD5OsSehBQ26nU4x
gmE2ZP8WWm2dCTGJBf/JQ7rl7+G54GRK6akWRCT+ZzL9OMA5u3dgyvE3w5Q04K34
sY8WJIDaUm/Gr6JB3gHTfHaSsqx5NE69EZ2we4qdUW/ATeIa42NLPOYvShGzJdNO
nWC1vemKsUUDR1KzfoZ6W5KM1Dl6f0IzC2e3gAztH0FtZO47is1Lx9jsbVN/FRh1
aM2bk4LUfsH0CtVqRxEqVg1gXzB+ICe/K4xU8OB1g7uzTYS/rZc1KG2sHJ0fjXUV
m0EdIMiJi4uTltakDrVGBKiNhQAz4V6t/kKkONvFg6wFoVzgm3kOxfRcryWfF0sc
VDaa0kOnDFS/MuIsMENJ0XP5mTO/BQERY4m423nY7hH4Ud+kU9k8zQ3gdNIGwCEK
1j0P61nlu6Y4lSO6UaNgr7xl
-----END AGE ENCRYPTED FILE-----

50
common/secrets/secrets/nix2gpdPocket3.age Normal file
View file

@ -0,0 +1,50 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBGdVY4
TnVkZlJ0elRhQkRSMnlXUjNNb3BQQmVBbmhYYVpqOUx5cE81TXpvCmNYUG5rTjlo
RmpNQmFtZlBwWXY1eDVzOFh0T0F3d210QWRvOEZnN3VyK0EKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIHd4TmdIeWdiTXk4QWwvdURNQ3NtUlpNZWpnT2hubUk1RTUvMFRG
MUtEQnMKTEZBV1dPOXlQOTNSNVZVcXUweWZjc0RlQzFybE42Szl3WkJCOWszMHdN
WQotPiBzc2gtZWQyNTUxOSBTcENqQlEgU0V5bUpxNTVNQXh1UU8xYmJLWEROTkRr
UmtNOWQxbllTMW5BZzdNR1JpcwpCMExaYmpNbW5ma3N6SHBDR0lZdHljNDNlNHlM
TTJrTnpKanIvYldhcU4wCi0+IHNzaC1lZDI1NTE5IEJZS0crdyB6UHBMWXNCZ3ds
S1RQL25SdjVkRElKMjYzUXFKV3cyZFl5VlhvQ3ExeUQ0CkdGaGZrNGdZZ2ZsTUsy
amVPVjhjMEg2ZkM1NnF0cTZFNGhFSGpYQzRNRWsKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIEN2bWhSc3AyWjlXWk80NTVpbkkvTllWbnJScS9XWjQ2RUd1OTkzMHRzZ2MK
bzNETWVrVFdIQ0VvUEZSY0N4T2Nqd3c2WEZWS3JqZTAxaTZBaTlmOHpZQQotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgQUsycFZocFZPdUxQM3MrU0o1OGE3Rjh3SFlNcXdo
MExnb2hBbHdoTk13QQppenB5THpDV3VXRHdZYjJJc3dPUW9qcFBydUs4ZXA3Z1JO
ckl1ZVJjNzdNCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSB1MzRNMUwxb1ZESWJrMVdv
RkMzOGJHYnhnOFdHQ2Y3cjAyemI2bDJoRUIwClpnTys1eEFlNkZ3cStndjFyVFZF
eExaQ0JDRlhGWDVyRFNPR3lBRUdITkUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIEJB
RkJ2QVZsWjdqQW1TeVpCS0tpSTFiZDVYOG5ybG5rMjg0SWVTRnlwd28KZnJMVE5C
M1hkRHc2K3RCZFRjU1ZyeVR2YXhWT3ExNGVRNGRMU1NrYk50QQotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgYmIwbXd5aXlFUUhJd1VORmxjb0hQWmRZb2lMZ2xBdXJaTmx5
TEU2Y2wwbwpOZzNJQ2kwVUxBRVcrYjBOMWx2V0F0dWJCdnB3cXU5S2tnZmpQc25P
NnZBCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBCU3QwNjdGYXE2RHZtNGtHTVdRbmsr
QzgweFB6V0xyV0c1NldBeGR1UEVjCjBKN2pJT2FJeFZUNDFKRnJMOFBWRGRDa1JK
UExOZkhwcW9WZWxqSGVwbkkKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIEE5TFYrV0wv
MzlicXhsUHNoblUxa1FlSFlmMUhnYy90OXROUkIycWFFRTgKclNPSFdtVzF6Mml2
KzJhK0hmWDIvUmFlSGVLQ3l5bElLY2N4aWxkNFU1MAotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgOVkvd3dmV0hhUmwzQlFBOEs5a1hGUmMxRU5heFNaZWhGcDRYdTd4ZktW
NAo1dGsyMUFlV29hOEt4R1l3S3Y4NndrbHVUR29sSkMvZ0R2SXM3TG9MQXI0Ci0+
IHNzaC1lZDI1NTE5IDl2LzJIQSBTclIxdXQycVZlckR6aTZvSzJxY1ZmSVJWNk9j
MWJBYkp0ZUtvNHR5Tnc0CitlQzZDUWw4M3JNSHVkQ2U3MTdtTFBGTmpLenR3SmRw
NWFaNzFJSHZhYzAKLT4gc3NoLWVkMjU1MTkga0hrMmdBIDcyU0ZjeWREdFJrTEdk
c2RGY3Q3cE0wdDh4SGRJUVAvSzR5WmFENWQvQzAKVTZraTduUVg2RHlEME9CcnVq
MFpCbHBKVFNTOG1aUnNIWWJHUXg5T0k0UQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
YSsrbmdVOHplU29GTzNMNVh2aE5OaENXWHE3SlIxa1NuVHI0WEV1SG5sQQpuQWJP
MnllQkFSMDd3S09DNXhxU0pEcEFGRzZabGkzTlM4ZXBNWlRkMU4wCi0+ICEtZ3Jl
YXNlIHlEWmUtSzZeCm56bkR2UUV0OVJGNENzRWt0M0NQSG5acHdQazJFb1JFdGdq
aG5Lb3BtTUF5QmtKaXV3YVJOTWpMdnRodUx3NkoKNmpkeGw1dlB1NmFpUk1RbFEw
dwotLS0gc3lycXhWZXBmd0srSjhPTW1vMmN2REs4TWI0VUhiaEt6ays0akJQSkhs
UQoyTVD7Gbo16BII9fA/kbWQA9cLwAIJC2eJldhHa1Z+/nCLTYoolHFvhDF1kNNU
Q1VUi7Hwh3WfIZ5U9S8Bb1gtesAXrjAVoa07IuuELmY8P1aVnhO1Dh1E9bXhvjs7
T9Qz5iA0R/IcMGzP1khAwda9urAqjtqjgNJOO9tOnKGOfCuUDhsPVqCZAfag4MeB
A/UbjmKvQuoMLnx4r8AdZB6hEC6OvT0d26e1EzT7o4C4nXYk4+ocvNY2kp+9N8d6
C5qxI5juVeZenESlAxQKqaih6wUI5Hb7vlbMM3LvQqmSdwspOCYvji34LTzE2Vl7
fTb9us7PpueVWLfzF2ea19B2CNZR6VWJ8d2WNDSGhoq80H5k9fawhq/PzgB/CLzB
dArCKrT7pL/L4oQVXuRC+2dKSmOm+hlrWHS1rwWEbgA7iQV8MR7eaHjUKEpRYC/W
0oSyCsBNRTJrTQEZfknGgIK9dAKM2Mx1rw/1AbPrtcJe7aHI0R1wK+bSgXOrYgWX
78V0+RseYYzyPgb6LUwkrA1MAsMp3NqQFts50DZ/x5ZBrKGWyEWO96Sg6oMCz+Gh
2S5P02QBaoTSyuhHpg==
-----END AGE ENCRYPTED FILE-----

48
common/secrets/secrets/nix2h001.age Normal file
View file

@ -0,0 +1,48 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBqZkZV
ZFlDOTkvSkM0NmFlOHlIak5KUkdEZnZJRnJOQ1hLc2pkc1pGODFvCm91Ulc3aEkv
NTUzblR2ejRzM0I4TnoyYVlkQTk4d2RNSTRUVDJ5bzQwVnMKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIDlwQlRHSS9Nd1VZV1BRRUVRRTdjWGdKQ1hiRitPMi9KcW1JMEts
eWpnVFEKZ0thUVhWbDZxSHY1eFQ3OHl1R2JzRDFRbkpnMkVQRGhUYi9oa2luaEtx
MAotPiBzc2gtZWQyNTUxOSBTcENqQlEgWTA4bTNxL3E2Q0h5MWhnN0x1a1N2NWRI
K0JteUdIVTY4dlhtc1JYQ0pFTQp1Y05ob2hRcVNhbzJpSE5ReE1hN3BlTEsvdUtJ
STVRdlZCWW8vQWhOblhjCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBRYk42V20xZS84
WGd5NWs0d3ZmcVdKNWU2NlBrVjM0OEdXRHlVaWRORlRzCjBZQ3JaOVFYazVDeHBa
RVhieEZJRkY2KzRSZy9LOU50VGFiRWtsV1FyUUEKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIE5JNWQ3SHkzcXpGZEZVRVRZZC9GRVRvWDVvNHZkbGpEMTIzUjdNME9YMEEK
UytTTVlUUUhjaGpVZ1lYV0ZETk04elYwZ1FUdGVlMURGV3JwM01qK1M2bwotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgRkNvUjEzdVRvbUxyMGQvQXlTU1NTM1NWd2tMdW01
RE1zd1ppRGt6QndoTQpJckl2VitBR2poRHhmV3RWSXN6amg2aFkvcTd3aTRIRkxU
SFBMSkVERG9JCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBFcStmN29VTG1jTEtiMTho
V0hJUWFxemRrNnJxL0I0T296bmlvQmt4eEdvCkR0MFFORzExZlhDVXpYT0VlQ2xY
SklsRkFMVDJzQkpPemQwa3NOYUg3VVEKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIDdF
YXNFY1F5MElweVhtQjdkQTAxYWo5Zkp5R1VoQ2s4dkhnUmRwV3R3eVkKQlZ4dTNS
QVlkR2FnR0pyQTlhSWRQNWtnT0dCbTE2YThiZWV5UGdUNFc0MAotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgT3luM1VmQm9tSG5majdWeEh6ODBLSm56ZFpSTUVmYzY4K1M3
RSt3cGMwcwpLUWpGREU3dFc2NFFtNVZGSDIzem0xZGF0aXVhUHFhUEIzWGMzUDFT
L3I0Ci0+IHNzaC1lZDI1NTE5IDVhZHFNZyBwUml2WFlKSFdnWWw0YXczS3hvZ1dH
d1BLYWNpL1plYXhldDg4d1BHYjJRClZzNkx4S0ZYY1MzeU1aU3d0TlBhcHVvNlJn
NDN0Q0wvTCs5eS8zTnFaK0kKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIDAzRk83R0Zw
ckFzZjNuSHRpQjA2cEsvTnRKdDBRT3hTK1krWTA1Ykh0WDgKWjlEN0NlYjYwb2NH
RzU2N1lzWjI3eTlCSXgyZUIrY2UxUzdwRVY1a3FVOAotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgYmNEaW9ESGVaS21NQWlITmMrbWQrekxQZXI5SExYbE94ZFhNcWtxSzd4
OApkMzVTSHBSR1BLS25vaFUyaXZQZHE1cDhrTmZENGZNTElINUxwUzNONzdnCi0+
IHNzaC1lZDI1NTE5IDl2LzJIQSBqRXVCUEdEY21xblVXV25sTW5FTkxMTTJPL2pt
U0VDV3hZRC83TVVnelRNCmZXRnYzS2NqcDNIV1k1WHFOVy92aURVVStDQU50VmZl
T3lSZTNveWpNVEkKLT4gc3NoLWVkMjU1MTkga0hrMmdBIFc2c2lrVWZpbCtXS1Jr
TFI2RFRYM1BNWEJjeFUzclpXTUF2OGE3MmFNSHcKV0dHQngwRE14VlZRdDJqTHhQ
dTMyL0JMN3VRWlNRTVZka3VuelF3QW92cwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
d3JwUyszcTl6TU1XVHA0d2RNb3VPa2I1ZzFqdzJyR0ZTTTIzNi9VcnJqQQp5VHVh
TTBjWXgvb0daeWN0Ty9DTytRMkVES1hBR3M5YWdEanlYdDJSdU8wCi0+IF99LWdy
ZWFzZQpnZHBVTGZvYm1sWk85SzVOV3FOZkZtM3NKNlFLdUxDRkxBTQotLS0ga2JS
NGc3N3o1YjBOeEl0L3NVZVprNDA3VFpJdmt4eW0yYnJ4VWdkdXBoRQqosYCeWC24
SETTy8dVYTN0kWZBhYxUQDb6mhHPZrLOmlNyDeambLNwpoGHGpxUy1vrYL5cOmBA
pZ4lLKvAvm+lj7FCqX7+uhQi5FohVTm9bz1IsJcId82yf6lLjc4p7M+ww6icM0vH
DHHsZ2ecQiJKOvf8BUGgAxBkkdy0MWVRAAtOAqadBRtaGB5902FOI0gWLyAyFqlk
+P/pHRfob8PlnWb7MTYsUVgIBtbV/hIcpSx7BIsPTsdr7yFirhfoC4giBMT//2Mz
e7NGN2bX93pAUPWK2P/k3geArT1zJoFeyOpkyIhnfeXaA8WKb5juA/Rly4aGUJO0
oQKJkNGg3DPQMAEwwaijjuz19wd3o46o5la+2L/Yx2fCPDcwOyYzh8wVdc2eq6Ab
y3y1wlFfMLpsuBSENnCQTPCWimTOk2lPUKEjDtLXCtucwyd/fzjHCjF1iR5twVrw
id5+60bFV73v2QsQ6+qnNRj2Ea+LRHA48NtQH4Nedv8xlhgqkR0tD8mZc6Xo65MT
1Lj9suIPCf5L/j7GiX4MPDt/uptHJEckGMEo0rrwINBps7K7XrQLfw==
-----END AGE ENCRYPTED FILE-----

48
common/secrets/secrets/nix2h002.age Normal file
View file

@ -0,0 +1,48 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBLNmRV
NlNNT0Y0cTZVY083b2U3K0tORkdxR0IxNExrL2EzWmM4a2hoUkF3CmlDWmVaY2tV
OVVrYTBXeHpIM1lkOVBPeG9qOW0vL0hmSlM5OTVjcFVNUEkKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIEJJcGRpcnlSRGFtNzFlUWt2OGpxTUI1WG9zdzRZakpwUjkybW1J
MkdhaDQKNEMrT0VVSnZKYzZscWNBdkQzbXBsc0liYzI5bVBkZC84NnZKYzBtVEZ1
TQotPiBzc2gtZWQyNTUxOSBTcENqQlEgR0tSZVk3M0hBd3djZklhVmdOQk5lcXpm
d2NoL2RrVk0xLzNxRWVIWU9YdwpXQk0yQStOY1JFNjF0ZWhkS1gyWGRhTXpkUGdI
RGlOZlBLMnFaMGVVSjMwCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBBZDluVnlKQ2FV
NFBpZDZJQmorYXVsV2lHMTdLRkVjSjZPNHhCUk5iSVV3CjdIU1RaaEpocDF5MHNj
blFVdGJjR2hwczNOZmpZdElXSURLd3hpQ0xvQncKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRICtWcXVMLzdGOE5xajlBaWdoMk5lL1J0U3JCL1dZQmxnOFpsK0Z2ZzFvbjQK
ekFWSVgxdjZjQlkxMTlCYnNPMWN4MW1YY0xSZFltSk83RXkyUmZBakZjNAotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgZDByMm1IanR4ZE5EUExyTnNNVVN1RTdTV1BJak9E
TmZYbEZOSHNZbFBDRQo5YTZjcVBrbTExazV1a3ppQ1Y1NUZhUUNqWWhLaTR3NkVx
YlpzR2xNVWQ0Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBNMEt4UFIwb21GOHk2c25j
a0hpMkRQVGhCM2NFWmNlWXA4SElZUlQ1TlY0Cm9CVVBDQ21PbU1Fd2ZCclduMjdq
aXNuZS9lN0dicElXckxhZmxpRjJDL3cKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHA3
aTJ5VUJROE1PZXlGZjF6R2J1OVBDUWF0N09TNmRkZ0x0YStxK2ZTU1EKWDBkK3FF
c1FCSHZvZW5YMHBVSis5N1pRTW83bnpQZGY3dTlOOGNJT011ZwotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgNFhxRTdZNm9OUm1zOGpadi9jckxOMnRhbzUwL09SLy9JRncy
TTlzWUVuTQpVdUFtWTZhRStkN1F0cEh5bU84YW45YmxtYzlXR2NOdTY4bHRZZWs0
RjlJCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBXdWo2c3pPY3hmRmp5Z1FFdERUUzcz
MXRRNjI0ZVlLUzArRFhodS9FNDFNClZyREpwb1IxdG14TFFSVHlkTFNVOVlzS3kx
M2FpSkhReXljSytVczR5MHcKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIGdIeFpXODY1
QkM3QkNkMllnWXFyTlBpYjd2SkI5TlNoT1ZxSldCN2xGeUEKaU9XSkQ4Tm56Tk9B
Y1l3OGozSVk4M2ZFejdwR29Sb0NsQ0xrMmZzai9DawotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgUXVkZUJhbEJ1ZnFKSWRaVUIyK2JCcC9PbDZjQ2VlTURWMzBOM1loV2hV
dwo3OFVtR1JldEwwSjE5NGJKUEVyYlBzTmJIYzBYSCsyWWU2TnRwaEZLeWM0Ci0+
IHNzaC1lZDI1NTE5IDl2LzJIQSAwTkpuekFzUHZmWFdRSjRnY3YweTlWYlRjOW1U
a1hXRXFPakRNUzdxVWxJCnhIYU8rUGh4dy9HMGUrVi9aaU5uL3djU2JrYktaaTZI
QVlMc1VyaTUxTjQKLT4gc3NoLWVkMjU1MTkga0hrMmdBIERkVmp6eDBvZ2dXdURq
WlNwZjJMN3FLVXJEa2taYWJjbVlLVXBsbkl1MjgKdUhtQ1RFS2Z6U2t1M1MraWo3
VWFCZERRZXJPTjBNS1FkdFZtdnQ5T0pBUQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
TUpKaThiUVJWUEF4aHZQMXpkdER3TzY3cWxWV1BEbEd2TVRkT2Y2MitqYwpsbDU4
U05mN0xmY3pkNWtiRTBPSVgyUUhBTTA5cDc1aFJEUDBjU2owd0VvCi0+IHAtZ3Jl
YXNlIGxgcisvJiUgXWVsIHZrIE4KCi0tLSAvREZvRE9zUlRIOHZpYUVWZ0pyQmlh
K2ZubG02bjRjdmxBcVdLVENIejlVCtydnNICLzNyabsA6H8fhwkySlITewQ0vFBQ
GvfvDobgKzac8kmjDDwiIBwRI+EgVznSecv+Oqi2sJaodIxGaYgvEh+FURMfYOPX
K95ykf+R4bAowyG66i+mg9vthJU2O4v43R4qN4+0CVrArqhQp+ywNERsTV/2pU3f
bTFAYaLaLihEFDjCy9+p/D5l33Ns54FYAtBtQ/Ut4VY43i9inE/qohM6vy1W1SgY
THW3pLHvB6WlZvv4uD+IXK7GJXkedKxIuH0pGWLTF28aIlWTV8QYlCYpqpqaYs4X
87oze8zgPCNa2xODkQnYUI0GX4Fg3vP1K6R4G4DtCOytZdDYXncEIC4+opOoNmfg
xuhjELH+eZLXXRRd8PPrPTWXQ9CjPOK20vwc2To3Oljt940di6+886j2vFEBd44v
A1cjFG+K4mQ9GvdAk98EgRVXasmXyKnRdc7kFym9EY7guZtoA0Bav7YCn2vMwF7G
yLmxss4Wa7UA9v3GF270M/fb6D5u9qcDG7v41wYSldfaqSDs0Vw1ZfaGBYAXF5v7
GgU0MSWaFyHej5xq5UVTlMtWh2YR
-----END AGE ENCRYPTED FILE-----

50
common/secrets/secrets/nix2h003.age Normal file
View file

@ -0,0 +1,50 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USA0dTdj
TDY2STIxTm8rbnNWS2J2VlZxcVRFYzdBRElDT2RUR1pRd2piaDFZCnl2d0xoUmg3
OEs2bXNUY29RQWJ2WG9GMXIzZCsvcHRRUDFvRFl2elR0a28KLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIFJsbjBZbFhEanBaSW1BOXBwbVQ5eUtHSDRQRzJleTBGc3BlY0dv
VzljVk0KZEg2M09TNVlvYXAxaEFaUlpkLzljZXVQUE53aEVLQlZXbVBpdEM2b1Za
VQotPiBzc2gtZWQyNTUxOSBTcENqQlEgLzQ0MVpLWXMvSXkwTnk2VWFrQWNtdVJj
bURKUzMrMmRqeW9TcTF4V3FtdwpVQmducWt2dkVPQklma3h0QVkwZk11cW9SMkxa
Ykp6amg4RWUrZEpFb3NBCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBDNjhjTlovT1J2
QXFPOVZrQ1ZFWUV2cnF0eFdTR3g0M3VFd0dvU2hVNEFRCjdzR2hZR1pKUkpJL3Uv
VEdPNzE4TGtWRVpZeEROZGFNMXRtc2pFYTJoMEEKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIGlhUGZSUVhtSDBuaTF4a2pCbFNqUk8wN1NGT1cvbkVqUmk0cEVCTkhoa2MK
OGZGdlZBLzJCOG0rN09BQlFlTm41NVh1VEdZWFRjVTVMeFBRMXB5dktUZwotPiBz
c2gtZWQyNTUxOSBSNSt4Zncgc3EwWEY0dmZPT2ZnUlN4Sk83WkE1c0FldGhYclFK
T092dm9rQjY3TEh6UQpFQlFTdXBJWVY3aUx6Y3lKVDBGQ3ZHbVJqMm16R243Z3VU
T2lHWVdNMTk0Ci0+IHNzaC1lZDI1NTE5IFJvWDVQUSBuUTNLUGIwMzhKcVVyeUNG
NmJ1WkRtdS9FWHQvTGROL2ZiUmxmVlBIQWtZCjZJMUduWVNQMXVZRk1CbjhCTnFX
RkxoaTJuelV2bW01T0hiTHgvNTVZc0EKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIEl1
SnJKZ1Bwb0lsN1dTZ1I4YVN0c0NaUDVEd2c4SjNTRkw1d0ZpaTF0RHcKTzBabFNx
d0ZjTjNoemY1UzVBemd6QzNIQTl3b0N2WVdWUE9CV1VzcVVtcwotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgbGI0MjhMbDFZblFud0U0Qi9ibHhSMlJTa0cyRHFJNW1tcnZQ
ZUNma0VoTQpuNG5ra2hwRlpneWxkTEgzQWlhMkRJVUMxR1RVZWZXWGloUEtkcWdI
RlFFCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyAwNHF6Zmt5YXViL3o2aVVKVTNSakVX
eFpuSHN5Ty90bGI5K0l5VFVtL1NvClBsa2tRMm1QSVlBNmJ6T2JlT0V5cFNmV1c4
Tm5nL1NiOWtGWm95VE1Ya0UKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIGFwdWhWNnBQ
N1lYeC82NzNHZ2d3TzBzUTcrcm0wWGNPdEc1cUtndTZRM1EKTmxadlp6WC9BQzhJ
S2NIbjM4OHNpUGJiZkhOSXJDSitiNndOYm5VWDlCcwotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgUTFOZUtZSFJRUkw0eE9wd1ZCcXd6Z2RvUFVsUnZBcWlSRXlHU0lWcVpH
TQo0ZUszNFF0NUdib1BpZ1FnM0hBUjFsMHdSTE1ma01OUHRIWXFUMmJRbWRRCi0+
IHNzaC1lZDI1NTE5IDl2LzJIQSBocFJ1aGpicCtUTjR5dEw3RTNya1dINTN1emZl
OVF4Ykd2SmMyNUNqUlJNCkV2ekVCNk1uNEZiTlJYVDVsREQ2cCtRR3pVRVZZek12
aTlLelNZOVVXZG8KLT4gc3NoLWVkMjU1MTkga0hrMmdBIC9aT0pJSEZiMTA4c0Vi
dExPN0ZtT1BOY2ltNk95TzB2K0J6WEJaTUJ6bG8KdWo1OFpTWm1JWkRrWmhYUzRl
TUFJTHp5Mk9hVXZSNXFHM09IZHZOblpqQQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
ZUpiN0RMRUhKM1ZvRWJQYVNCVzROckZ4SDY3NU4xb1djcUgyQW9xRnkzbwpOZ2Fu
dXNnTERuOHFoVVZGMUhpb2N3MDhRK29NVjhuRFhyZTdjL0orQXZvCi0+IDtXeHd7
YFBpLWdyZWFzZSB7PCBcfkRZey4gI1d4Tn4gXwpIVDhGeFk2K3dOUkhBWkU3SnRP
THVSUXBWTVJBSlZVWERqL1F6NjFYQUJHZitiWXJhYjFHS3lmd1dDVW4rWDZRCmxC
bmt3NTUvZ0dScGFUaFJ0dwotLS0gTTRUejRxU2ZKZVN4MXkrSG52dHJzamxpdjBC
aWo0a0lmS0xWeStFN1UzTQrI0E7L65ZYdi9LJwZ3nSgT7WwwQJovYBqw7YO8jE+n
1iAUsxo+nj7V7ub7D6IxBaXupMwqqEGX/fUgLyHrckL8V6RmVfvoJROp1Vm7HncW
xqoFr1cj3n6p+O+xQPFy+1uVSktCTvLgHDNHavRPaoT6vP2FcvQkI7jczbGJel55
YBA6bLrMLsn1+MmY5oT61huymRbKFyt3c7+u/vqYwD9/J4/KPW7nO0hCQ8LBJEm4
KFwj/6d8zyLFGRB+wwH3pEPFWZ17/7tK4xRR3jUw3ertMKnLtpYpI7sCOhCStH5G
6CTMGgmWOyPmccVfWF3RSnuj5I53nnkYktWcc3o+ak8GCw8PBJvAfkAJyNjrSo6V
QTMX9qsrL8SydAXXFk2lNcv3maH6RgRB9ycPGak/ZsrFP0VkMFpOLIfqjJMnfChY
CUi2b1iTMlmw9VITSfgh82mue+bcevSaP6KboeksBq2ah8hSN80WPtb7VQNUNl/u
cQT5DoyvaIxOstiVpBy7DY4pvb6c5iWkUuuDiHrn0AA4XB2skTNhGU1oty0YrDFB
tnRtsOYgu5d/53Fcd8aUNg==
-----END AGE ENCRYPTED FILE-----

49
common/secrets/secrets/nix2joe.age Normal file
View file

@ -0,0 +1,49 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBrRFlo
VzhEcDJmTStuQUxxcms4am9idGpZYm5HVndISDlDMzVVVGl1ejJBCldYZllDcGEx
QVl6NU1vVjBPQXpLTndDdUZIRWJmMC8vRWhjOTRDUm5yTUUKLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIHl3SGo5eEdyRWlYSmVZaWhJNEt0VWRiY29IN3AyeGdYQWtuKzRL
NzJrVUEKaGdSelBON1JrbUZGVnJUL2RwZzZVWWJxVUkxUmVrVHdTcno1aWYvbGwv
cwotPiBzc2gtZWQyNTUxOSBTcENqQlEgQU5Ia294NGsweUI2NUs1S3VZaVVEWUtZ
d1l6WGdPcnBmck81UGQ1Kyt4QQpwUG5iaFVUNG43a3A3M1FvUjZGd3ZtZzMrTUFm
amUzcHI4Smp0OXdpdWJVCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBFRkd4U2hvcGRk
ZjhleWdheUtqVjBRMXdwZ01KY3cyck5tOCtBaXlBc1ZBCjNvUURFdEFpZ0VteCti
Z2t3SlhRbWMxakRHbFlPMU5HZDlOV2R5d3pWdHMKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIFVZRlYzSU9FZUpoMnp6dVJPR21Zam96R1NQOXJQSldXOHNGYkZnR3ZxaGMK
eEJvbzFKY1R3WTJVaTN1c1hnTWJ3ZU5OZjlZR1kxMXd5bmJYNDRBSWNqVQotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgUHBaY3ZaVjcvZXMxLzRiUisxMnNwV2hlM3NxR05Q
aE4rQjJ5ZDl2eDcwVQpUM1NKNHg2UmtPeFhGbkxTUlFtTFJ5bjNSZVNEWmVKaHg0
cWpmT1VZZFZnCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBKZnF6enhLS3BzUis2azFK
VlFDVTZTRTQ0czdNclBGYzROUEJHYlpod1gwCkpMb2hSRHVFTzVTZ1dmM1Fid2tl
bkhrK1dMdmxZSWxhMFBFM0wvZ2tuTW8KLT4gc3NoLWVkMjU1MTkgRjRiYjhnIEov
MGpzVlFwSi9RUDlQSmNCRXRqaGNpSHFwa1o5emdOcmY5UFREejdtencKVHE3OGlT
NnQxL0xJdTdYTnJQRTl1bjJNZDJ2MVdnWHlzb0pZS3JvYW1GbwotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgVVVrQ2ZJdnY0WHRrdFBidDh6ZGxCQThjMk1DcG1UZ1hhMiti
WENKclB6dwpCZHRhU2NWZTFQYUFWYUxCUlBUenZPVDdQa3pXaVE3ZUdSNm91MWxB
SGZFCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyB3QnVtWjlsOHJvVmltSkdVY0wwcmhk
S2prNGg5UE0ydWdSck4vMFY2cFdzCnAvOUR6VWtEOXd3OE16ZVROMEJraXVTZHV4
OFdmQlRXcStLa1l1eE5yR1UKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIE9NbklVa3V4
aU5ubnk4WUJyRTdXRmIxT2YwODJQOWZ2eFdYUHphSGlwWFkKT2ZWWWF6eGc5YXJy
NWNqNE4yVXc3MFA3eVJQbDd2Zm1FUkF3M25LT0FGRQotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgNEZaNzVhZlVrS2FXTlRXZUZMcWhwNnVORGJKYmErQ2FIRDl2b2wvNDB4
OAp3NWdNcjVXb2RLczJGdGpyaFo4bTVLMGk5QWNQbkJpMjh5U09kbENVS05VCi0+
IHNzaC1lZDI1NTE5IDl2LzJIQSAwbXFvZWVaTEp4eUkxVGkvcWpZbmRnWGdjeXdW
QzgvbzBnbU5KWE5Ba1cwCkxUNnkwTkFFdHpuRlovWjh0RVE3U3pIc0tVcXY3RTc0
NjRaRnE0YXp4NDgKLT4gc3NoLWVkMjU1MTkga0hrMmdBIGtraTV0YWxFVDVkb1pE
NHpVQ2h6VGh3LzVRTG02cVdGRHpmak4rT2h6QWMKS0N0SFpyY3lhYlZxc1NQbkZW
VkVvQlAwejF4aUpnZmY2RnlHNDhQVHhXcwotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
dytPUnI3MW1TckplUDZWRUZrUVN0aXhtSG1OeWkrcEIvVitxOGR1UHdFNApxaVFP
cVNrV2YxNGZQalZ1aTZLbjFYM1hWRkpFM2xhRlZTN3VNNFlaR09JCi0+IFEtZ3Jl
YXNlIEVPUgo1b3AzSWtZdkdwWEM0bVM2cU8rdTkxMFpTV3BZUGgzQ1NwWlJ1UXMr
dVIyMktqZjBRSzlrQkh2V1dGM3NoUQotLS0gSW9aS2RLNzZMQXlVakF1WDNzNWl3
VEpQSVVWVVZkQU1FZjBaNHFxdmFzSQoHZa1y31EyfxcF5zL9Tp0efLfm1Ak/v9N3
IqCds1BYhPDeCECA1zHdGZojhrxFuOyr1H/uSKuksPktfi0K7F73NsQ8Prf3hiVg
C5Ckh540/7lv8Y+f6eOSlbUUHkO/UftqyPqPwl+L3cHApoSN5OZJz+nVgJROQMBY
63lxHjw170/E1BNsf2jqdHHJUwyFd7hia212PqCQOyh0wbc+6E0t/9gDQXphBxC2
/EpwLgBf0b8+nzGVZ0RP3wkegZyl2LYwkh+PLhRTTJOulE664eaJBFRpW/wfw1el
QaoEHw52O92IE6KbM7lQ2ujmHYG2aKBf/u16DfkDBrHSplz9bolcueppa7ubLgfU
mEacucUtRN2k+kA8S0UVZDsbo2oQfQL+fgq6Hcx1shpIFpugyhDMMHDD90cvAs8w
Keg8jHbTEtVJAtBmLYraeyGXsla1vPCcoXfHr49ej3Q4B7pMmReMtMEP/BDKy6pK
csPW/lebooacQpu1fjVyYyW/AgJHa0U6oZTr5i65FNYd0nQa07D3bYO3o7JUFZoB
Ah7b2Pj3Wv5Uzxka0R13xtr0Ud7jqw==
-----END AGE ENCRYPTED FILE-----

49
common/secrets/secrets/nix2l002.age Normal file
View file

@ -0,0 +1,49 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBPODJ1
Q2VxRFlMeUcrS0V0ZEhGdlRnRE92TDA4aXUwdDVKYUhBaG11R1NVClRUNnlJd1ow
MkliL08zZE12bHRyaFZuQkszMU1nL2pxT3hIWWlObW5IUE0KLT4gc3NoLWVkMjU1
MTkgSmh2TCtRIDUzVXpLblJLZmY2UHJnQ1FIV25WRjJEWEYva2RjRUFNbkU2TkIw
Mk9hUTQKK2pMSytja2ppbE1Vb3hYVWhNMG1wUW1lNjRGMGpseVVpeUV4dkY1eTA4
NAotPiBzc2gtZWQyNTUxOSBTcENqQlEgWmV5NW1rVGk0Y0VBTFJ1bEpGbVFqdEp3
ZVhyWkpaWm1uUHl0L2N4WStRYwo5WE5LYnUrTldDMGQrbDhtTEl3cmZGT21FNkZt
NmJ6eVBGeG5ZUjhCZE5BCi0+IHNzaC1lZDI1NTE5IEJZS0crdyBVcWZqVVl5VDBP
azJjL0p4VEJnTzJrdkRZdXNSRGpIdXM3ZWttWkluMlc4ClJOV0xTOU9PeHhMeWpD
a0twcCtxYklUSjF1R2NseFF3NDk5eFI1Z2Z3Y1UKLT4gc3NoLWVkMjU1MTkgWHpm
bWFRIGhONk1uMk5xRVdFUGZhNkpHUWhMUTN5bkkxdzNTRExqOGlGZzdOZzk5U3cK
NzJVSFppeGpGSWdob3ArTDhpcEhNSmVNMm8xcXRUS1crN0FubTR0T1BnTQotPiBz
c2gtZWQyNTUxOSBSNSt4ZncgcmZ4MzRQQW03MWpwK2EzYUtaL3pPQmhhVzVBK1U4
K3lOSDhNSzJreUwzWQpKN3BYSUg1ZmZQMEFyMUJRUU53bDJGZ0ovd0hoRWFOdEpK
WVJUOGErZkFzCi0+IHNzaC1lZDI1NTE5IFJvWDVQUSBSblVTemNRb3M1T25yYlhS
M3dLQ0oxZmhLQ1Nldkc5NVY4bDVMcWpPaEc0ClFDalVaZzMzUGxNN0x1eEJRUklQ
aWwybzJhNmJNNkJBSkp0WVd4WGxEZEUKLT4gc3NoLWVkMjU1MTkgRjRiYjhnIHUv
ZWdmZ1RUZWZIckkzVENjblk4a0lVbVRzL3lDOFZhQk15SnU3REJwaDQKQVNncVdL
R01RM2FQekJXcHdYb084SzRRVGcrcVdMMmIrWXozM1BXcFdJRQotPiBzc2gtZWQy
NTUxOSB3ZHJaSkEgeGhtdkMyTUQza2t2Y2ZGbmRNbXhFSmt6MGNNTWVGV2xGKzhN
bzB6REhrWQpIUTNPanVNZXQzMHlWQUduZUMzdk51bnNqM3Raem9pRG9iR1FRRzBm
aTIwCi0+IHNzaC1lZDI1NTE5IDVhZHFNZyBJaUM0QkV3M2R1czdwYy94VWlyb1Jr
eUUxRU5zWU9tUGN5R2lMdk4rUFMwCk1ZMkJ1NW1abXRicjRkcE9CUmRqVFRjRlFv
d2hHYmVKNTVYc090ditMYTAKLT4gc3NoLWVkMjU1MTkgWmUxTXdRIEpFYTNQSDk5
Y2JXL29YaTExc1ZiWkFKZUdFcDBjd1p0NWh0bkVXSk41aTgKRmZuWHRuNnpqUFNp
OFVZeVhDeXJMbUxuWnBvQVE2R2NwOXFQYXNnOUFsSQotPiBzc2gtZWQyNTUxOSBw
ZUZCUWcgNmlsV251TVpneWttdGVKVldSbzg3RE9ablQ3ZDhSZE9Sc3Q0VDRUc0Vp
VQpXZ282cnFmczRvb1Q5cWtrd2NsdXBlejFMSUJwK2Z3Zmd6NEpNNUxJMDBJCi0+
IHNzaC1lZDI1NTE5IDl2LzJIQSBLOTNlbFFPdVBMbElNcUtaVGVtVHFjTGJHQlFz
NUdDYnRsbGJEbWVsdURRClVnWnpuT2dhUDV6dVp0d0FoT0gxcXR3cVJDL2d3Mm5G
dzArWjhsczd2QVUKLT4gc3NoLWVkMjU1MTkga0hrMmdBIFIvZGVGTmJ2TmJxR2Vm
b05RMy8za0liMGRLQU5XR25DNmladkgwd091Z00KTElBRTF4N29pbHVHYzAydVgv
TU5BRlVJeW93NVFtZEkyK1puUnBEVUJhVQotPiBzc2gtZWQyNTUxOSBJb3NBQlEg
ZU5EY2kyZWVVWDdEZDdZSUIxQ2lneWJrL1g4Ry9NcWwzOXo2ck9nam1WYwpRWlMw
SEhMR2VHMWNyS01TV0RQSGJiZzNjWXRRYTc2U2w0QnhpbFZzS0pFCi0+IFBBQC1n
cmVhc2UgXU0neTEgXkd1TDhHLHwgWEc+ICExVwpSanE3MWgrYWtEQ3JYbm9POE92
cVVLK1pBaEdGTnVBMQotLS0gQk5Ud2dJZHRzN0RZTTlZLzdvTVp6c0pEejFBZU9l
bnA2Q3hGcmVOT3NnZwopOnc+QlhQ9rs4u1VZzBGuVT1C/M1+of1PrkVrG9FspsTv
k9M3NSrz1aCMHSgX+YdH59xr56PqsRjP6nok8+2XMMs04g/sfbQsBG6GIy0l2ke9
+RgoIQ/7yBY6HhcSfBK8OGHsBTypj2iWsXmHji+JJHgXelLBQxPhiPh721Y+aR/g
6dhgaSkeiztKbzuXX8Y4idAx22vln+a9IhCeh9ObUucxXoQ7PsJXJqPFr4tqJfWe
R2wluD3RtZxzbkvKcmiVvgJt2pRRoMPC5tn6Se2Hl08fDoTR9Z24wK5igtu0+rBp
tALfNh62Nl2U1s4Ukd+5eH28vC1QEz9UqnTNvi7o+1usmLsMIjwagEgfUB+yzaT+
8VJDj4Y4xfI5WdgbWe9A9JFk4ve8Xmqkkg8zlaveEg/wSMDbiZP5NV20xHDIr6kP
yrctn77Vohff0iYL4Fm38FgJfODFCLsHYOok3OgGGySLdTZcYZ69yJjlDm5m47ea
vz2zRL4m9MxS4vE9eR04T5G+isZnLZJP/T6SImvSKHKNpeXLSFbycRLYJkf0jNCS
g1ym3Ql3lTyozQVBCg==
-----END AGE ENCRYPTED FILE-----

Some files were not shown because too many files have changed in this diff Show more