xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: xyno:664d4f20fa16041e086582755cad70271fef6f4f
Branches Tags
xyno:main
..
compare: xyno:f7afa33a13d66aa1d9dec2c139d1551fbbd55167
Branches Tags
xyno:main

No commits in common. "664d4f20fa16041e086582755cad70271fef6f4f" and "f7afa33a13d66aa1d9dec2c139d1551fbbd55167" have entirely different histories.
664d4f20fa ... f7afa33a13

40 changed files with 657 additions and 1727 deletions
Download patch file Download diff file Expand all files Collapse all files

11
.helix/languages.toml
View file

@ -1,11 +1,6 @@
[language-server.nixd]
command = "nixd"
# args = ["--log=debug"]
[language-server.nixd.config.nixd]
nixpkgs = { expr = "import (builtins.getFlake (builtins.toString ./.)).inputs.nixpkgs { }" }
options = { nixos = { expr = "(builtins.getFlake (builtins.toString ./.)).colmenaHive.nodes.theseus.options" }}#, home-manager = { expr = "(builtins.getFlake (builtins.toString ./.)).colmenaHive.nodes.theseus.options.home-manager.users.type.getSubOptions []" } }
[language-server.nil]
command = "nil"
[[language]]
name = "nix"
formatter = {command = "nixfmt"}
language-servers = [ "nixd" ]
language-servers = [ "nil" ]

1078
flake.lock generated
View file

File diff suppressed because it is too large Load diff

50
flake.nix
View file

@ -15,19 +15,12 @@
colmena.url = "github:zhaofengli/colmena/release-0.4.x";
colmena.inputs.nixpkgs.follows = "nixpkgs";
oldConf.url = "github:thexyno/nixos-config";
# software
rust-overlay = { # https://github.com/nix-community/lanzaboote/issues/485#issuecomment-3466684727
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-overlay.follows = "rust-overlay";
};
zen-browser.url = "github:0xc000022070/zen-browser-flake";
@ -40,6 +33,10 @@
niri.inputs.nixpkgs.follows = "nixpkgs-master";
xwayland-satellite.url = "github:Supreeeme/xwayland-satellite";
xwayland-satellite.inputs.nixpkgs.follows = "nixpkgs-master";
nheko.url = "github:Nheko-Reborn/nheko";
nheko.flake = false;
mtxclient.url = "github:Nheko-Reborn/mtxclient";
mtxclient.flake = false;
nix-ci.url = "git+https://git.xyno.systems/xyno/nix-ci";
nix-ci.inputs.nixpkgs.follows = "nixpkgs";
@ -53,22 +50,12 @@
# csharp-language-server.url = "github:sofusa/csharp-language-server";
# csharp-language-server.inputs.nixpkgs.follows = "nixpkgs-master";
# authentik
# # authentik
# authentik.url = "github:nix-community/authentik-nix";
# authentik.inputs.nixpkgs.follows = "nixpkgs";
# terranix.url = "github:terranix/terranix";
# terranix.inputs.nixpkgs.follows = "nixpkgs";
# non flake inputs, maybe use npins in the future?
adw-colors.url = "github:lassekongo83/adw-colors";
adw-colors.flake = false;
nheko.url = "github:Nheko-Reborn/nheko";
nheko.flake = false;
mtxclient.url = "github:Nheko-Reborn/mtxclient";
mtxclient.flake = false;
authentik.url = "github:nix-community/authentik-nix";
authentik.inputs.nixpkgs.follows = "nixpkgs";
terranix.url = "github:terranix/terranix";
terranix.inputs.nixpkgs.follows = "nixpkgs";
};
@ -114,7 +101,7 @@
inputs.lanzaboote.nixosModules.lanzaboote
inputs.sops-nix.nixosModules.sops
inputs.impermanence.nixosModules.impermanence
# inputs.authentik.nixosModules.default
inputs.authentik.nixosModules.default
inputs.nix-index-database.nixosModules.nix-index
]
++ (import ./modules/module-list.nix);
@ -126,18 +113,10 @@
importConfigs =
n:
map (x: {
${x} =
{ nodes, pkgs, ... }:
{
nixpkgs.overlays = overlays;
nix.package = pkgs.unstable.lixPackageSets.latest.lix;
${x} = {nodes, ...}: {
networking.hostName = x;
imports = modules ++ [ (./instances/${x}) ];
_module.args.otherNodes = lib.filterAttrs (n: v: n != x) nodes;
deployment.privilegeEscalationCommand = [
"run0"
"--unit=colmena-apply"
];
};
}) n;
in
@ -151,9 +130,13 @@
specialArgs = { inherit inputs; };
nixpkgs = genPkgs "x86_64-linux";
};
deployment.privilegeEscalationCommand = [
"run0"
"--unit=colmena-apply"
];
}
(importConfigs [
"nemesis"
"ds9"
"picard"
"theseus"
])
@ -195,7 +178,6 @@
devShells.${system}.default = pkgs.mkShell {
packages = [
pkgs.nixfmt-rfc-style
pkgs.nixd
pkgs.nil
pkgs.sops
(pkgs.runCommand "nix-config-bin" { } ''

8
hm-modules/dark-theme.nix
View file

@ -23,10 +23,10 @@ in
gtk4.extraConfig.gtk-application-prefer-dark-theme = 1;
gtk3.extraConfig.gtk-application-prefer-dark-theme = 1;
};
# qt = {
# enable = true;
# style.name = "breeze";
# };
qt = {
enable = true;
style.name = "breeze";
};
};
}

2
hm-modules/firefox.nix
View file

@ -362,7 +362,7 @@ in
"user-filters" =
''marketplace.visualstudio.com##+js(rpnt, script, /"(DisableVSCodeDownloadButtonEnabled|Microsoft\\.VisualStudio\\.Services\\.Gallery\\.DisableVSCodeDownloadButton)":true/, "$1":false)'';
"hostnameSwitchesString" =
"no-large-media: behind-the-scene false\nno-remote-fonts: * false\nno-csp-reports: * true";
"no-large-media: behind-the-scene false\nno-remote-fonts: * true\nno-csp-reports: * true";
};
};

5
hm-modules/git.nix
View file

@ -9,14 +9,13 @@ in
{
options.xyno.git.enable = lib.mkEnableOption "xynos git config";
config = lib.mkIf cfg.enable {
programs.difftastic.git.enable = true;
programs.difftastic.enable = true;
programs.git = {
enable = true;
difftastic.enable = true;
lfs.enable = true;
# Default configs
settings = {
extraConfig = {
commit.gpgSign = true;
gpg.format = "ssh";

138
hm-modules/helix.nix
View file

@ -22,21 +22,20 @@ in
# nodePackages_latest.prettier
dprint
markdown-oxide
# codebook
codebook
## python
# ruff-lsp
# nodePackages_latest.pyright
# inputs.csharp-language-server.packages.${pkgs.system}.csharp-language-server
]
++ (optionals cfg.withLargeLSPs [
netcoredbg
nodePackages_latest.typescript-language-server
nodePackages_latest.vscode-langservers-extracted
typescript
# jsonnet-language-server
# jsonnet
lazygit
ltex-ls-plus # languagetool
tinymist # typst lsp
]);
programs.helix = {
@ -108,7 +107,8 @@ in
keys = {
normal = {
space."=" = ":fmt";
"C-g" = ":sh tmux popup -d \"#{pane_current_path}\" -xC -yC -w80%% -h80%% -E lazygit";
"C-g" =
":sh tmux popup -d \"#{pane_current_path}\" -xC -yC -w80%% -h80%% -E lazygit";
"C-t" = ":sh tmux split-window -v -l '35%%'";
"C-h" = ":sh tmux select-pane -t '{left-of}'";
"C-l" = ":sh tmux select-pane -t '{right-of}'";
@ -143,114 +143,34 @@ in
language-server.csharp = {
command = "csharp-language-server";
};
language-server.ltex = {
command = "ltex-ls-plus";
config = {
additionalRules.motherTongue = "de-DE";
additionalRules.enablePickyRules = true;
language = [
"en-US"
"de-DE"
];
language-server.codebook = {
command = "codebook-lsp";
args = ["serve"];
};
};
language-server.tinymist = {
command = "tinymist";
};
# language-server.nil = {
# command = "nil";
# config.nil.nix = {
# maxMemoryMB = 5120;
# flake = {
# autoEvalInputs = true;
# autoArchive = true;
# };
# };
# };
language =
let
applySingleConfig =
languages: config:
let
applied =
foldl'
(
acc: l:
if (any (x: l.name == x) config.languages) then
{
done = acc.done ++ [
(mkMerge [
l
config.conf
])
];
notFound = filter (x: x != l.name) acc.notFound;
}
else
{
done = acc.done ++ [ l ];
notFound = acc.notFound;
}
)
{
done = [ ];
notFound = config.languages;
}
languages;
in
applied.done ++ (map (x: { name = x; } // config.conf) applied.notFound);
applyConfs = lspConfs: languages: foldl' applySingleConfig languages lspConfs;
in
applyConfs
[
{
languages = [
"typescript"
"javascript"
"jsx"
"tsx"
];
conf = {
language = flatten [
(map
(x: {
name = x;
language-servers = [
"typescript-language-server"
"eslint"
];
};
}
{
languages = [
"markdown"
"typst"
"bibtex"
"comment"
"latex"
"html"
];
conf = {
language-servers = [
"ltex"
];
};
}
]
#formatter = { command = "dprint"; args = [ "fmt" "--stdin" x ]; };
# formatter = { command = "prettier"; args = [ "--parser" "typescript" ]; };
})
[
"typescript"
"javascript"
"jsx"
"tsx"
]
)
{
name = "__common__";
scope = "source.__common__";
file-types = [ ];
language-servers = [
"ltex"
];
name = "nix";
formatter = {
command = "nixpkgs-fmt";
};
}
# {
# name = "nix";
# language-servers = [
# "nixd"
# ];
# formatter = {
# command = "nixpkgs-fmt";
# };
# }
{
name = "python";
language-servers = [
@ -260,15 +180,7 @@ in
}
{
name = "markdown";
language-servers = [
"markdown-oxide"
];
}
{
name = "typst";
language-servers = [
"tinymist"
];
language-servers = ["codebook"];
}
{
name = "c-sharp";

5
hm-modules/mpv.nix
View file

@ -14,11 +14,6 @@ in
programs.mpv = {
enable = true;
scripts = with pkgs.mpvScripts; [ mpv-webm sponsorblock ];
config = {
profile = "gpu-hq";
ytdl-format = "bestvideo[width<=1920]+bestaudio";
cache-secs = 1200;
};
};
};

36
instances/ds9/configuration.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
pkgs,
lib,
...
}:
{
nixpkgs.system = "x86_64-linux";
imports = [
./hardware-configuration.nix
./services/attic.nix
./services/immich.nix
./services/jellyfin.nix
./services/paperless.nix
./services/ytdl-sub.nix
];
time.timeZone = "Europe/Berlin";
networking.hostId = "7b4c2932";
xyno.presets.cli.enable = true;
xyno.presets.server.enable = true;
xyno.services.wireguard.enable = true;
xyno.services.caddy.enable = true;
xyno.services.monitoring.enable = true;
xyno.services.authentik.enable = true;
xyno.presets.home-manager.enable = true;
xyno.system.user.enable = true;
xyno.networking.networkd = {
enable = true;
};
system.stateVersion = "24.11";
}

11
instances/ds9/default.nix Normal file
View file

@ -0,0 +1,11 @@
{
imports = [ ./configuration.nix ];
xyno.services.monitoring.prometheusServer = true;
xyno.meta = {
sopsKey = "fada7e7be28e186e463ad745a38d17f36849d8a7";
};
xyno.services.wireguard.pubKey = "aZvSeAhKG3B5I2My5IqQoSlntMzbCHM6OU92WEScohc=";
deployment = {
targetHost = "ds9.hailsatan.eu";
};
}

59
instances/ds9/hardware-configuration.nix Normal file
View file

@ -0,0 +1,59 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.initrd.availableKernelModules = [ "r8169" "ahci" "vfio-pci" "xhci_pci" "ehci_pci" "nvme" "usbhid" "sd_mod" "sr_mod" ];
boot.kernelModules = [ "kvm-amd" ];
nix.settings.max-jobs = lib.mkDefault 12;
powerManagement.powertop.enable = true;
powerManagement.cpuFreqGovernor = "powersave";
powerManagement.scsiLinkPolicy = "min_power";
services.zfs.autoScrub.enable = true;
services.sanoid.datasets."rpool/content/safe/data/media" = { };
services.sanoid.enable = true;
services.sanoid.interval = "0/8:00:00";
swapDevices = [{ device = "/dev/disk/by-id/nvme-eui.000000000000000100a075202c247839-part1"; randomEncryption = true; }];
fileSystems."/boot".device = "/dev/disk/by-uuid/149F-23AA";
fileSystems."/" = {
device = "spool/safe/persist";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "spool/local/nix";
fsType = "zfs";
};
fileSystems."/var/log" = {
device = "spool/local/journal";
fsType = "zfs";
};
fileSystems."/data" = {
device = "rpool/content/safe/data";
fsType = "zfs";
};
fileSystems."/data/media" = {
device = "rpool/content/safe/data/media";
fsType = "zfs";
};
fileSystems."/backups" = {
device = "rpool/content/local/backups";
fsType = "zfs";
};
}

0
instances/nemesis/secrets/atticd.yaml → instances/ds9/secrets/atticd.yaml
View file

0
instances/nemesis/secrets/authentik.yaml → instances/ds9/secrets/authentik.yaml
View file

0
instances/nemesis/secrets/wg.yaml → instances/ds9/secrets/wg.yaml
View file

0
instances/nemesis/secrets/woodpecker.yaml → instances/ds9/secrets/woodpecker.yaml
View file

0
instances/nemesis/services/attic.nix → instances/ds9/services/attic.nix
View file

0
instances/nemesis/services/immich.nix → instances/ds9/services/immich.nix
View file

0
instances/nemesis/services/jellyfin.nix → instances/ds9/services/jellyfin.nix
View file

0
instances/nemesis/services/paperless.nix → instances/ds9/services/paperless.nix
View file

0
instances/nemesis/services/woodpecker.nix → instances/ds9/services/woodpecker.nix
View file

0
instances/nemesis/services/ytdl-sub.nix → instances/ds9/services/ytdl-sub.nix
View file

79
instances/nemesis/configuration.nix
View file

@ -1,79 +0,0 @@
{
config,
pkgs,
lib,
inputs,
...
}:
{
nixpkgs.system = "x86_64-linux";
imports = [
./hardware-configuration.nix
# ./services/attic.nix
# ./services/immich.nix
# ./services/jellyfin.nix
# ./services/paperless.nix
# ./services/ytdl-sub.nix
];
time.timeZone = "Europe/Berlin";
networking.hostId = "7b4c2932";
containers.ds9 = {
autoStart = true;
privateNetwork = true;
enableTun = true;
additionalCapabilities = [
"CAP_NET_ADMIN"
"CAP_MKNOD"
"CAP_BPF"
"CAP_DAC_READ_SEARCH"
"CAP_SYS_RESOURCE"
"CAP_SYS_ADMIN"
];
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
path = inputs.oldConf.nixosConfigurations.ds9.config.system.build.toplevel;
bindMounts = {
"/data" = {
hostPath = "/data";
isReadOnly = false;
};
"/backup" = {
hostPath = "/backup";
isReadOnly = false;
};
"/persistent" = {
hostPath = "/oldds9/persistent";
isReadOnly = false;
};
};
};
networking.nat.enable = true;
networking.nat.internalInterfaces = [ "ve-+" ];
networking.nat.externalInterface = "enp1s0f1"; # TODO: changeme
xyno.services.traefik = {
enable = true;
simpleProxy.oldds9 = {
host = "*.hailsatan.eu";
internal = "http://192.168.100.11";
};
};
xyno.presets.cli.enable = true;
xyno.presets.server.enable = true;
# xyno.services.wireguard.enable = true;
# xyno.services.caddy.enable = true;
# xyno.services.monitoring.enable = true;
# xyno.services.authentik.enable = true;
xyno.presets.home-manager.enable = true;
xyno.system.user.enable = true;
xyno.networking.networkd = {
enable = true;
};
system.stateVersion = "25.11";
}

11
instances/nemesis/default.nix
View file

@ -1,11 +0,0 @@
{
imports = [ ./configuration.nix ];
# xyno.services.monitoring.prometheusServer = true;
xyno.meta = {
sopsKey = "fada7e7be28e186e463ad745a38d17f36849d8a7";
};
# xyno.services.wireguard.pubKey = "aZvSeAhKG3B5I2My5IqQoSlntMzbCHM6OU92WEScohc=";
deployment = {
targetHost = "nemesis.xyno.systems";
};
}

128
instances/nemesis/hardware-configuration.nix
View file

@ -1,128 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.initrd.availableKernelModules = [
"r8169"
"ahci"
"vfio-pci"
"xhci_pci"
"ehci_pci"
"nvme"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.kernelModules = [ "kvm-amd" ];
nix.settings.max-jobs = lib.mkDefault 12;
powerManagement.powertop.enable = true;
powerManagement.cpuFreqGovernor = "powersave";
powerManagement.scsiLinkPolicy = "min_power";
services.zfs.autoScrub.enable = true;
services.sanoid.datasets."rpool/content/safe/data/media" = { };
services.sanoid.datasets."rpool/content/safe/data" = { };
services.sanoid.datasets."spool/nemesis/persistent" = { };
services.sanoid.enable = true;
services.sanoid.interval = "0/8:00:00";
boot.initrd.systemd = {
enable = true;
};
boot.initrd.network = {
enable = true;
postCommands = ''
zpool import rpool
zpool import spool
echo "zfs load-key -a; killall zfs" >> /root/.profile
'';
ssh = {
enable = true;
port = 2222;
hostKeys = [
"/persistent/initrd/ssh_host_rsa_key"
"/persistent/initrd/ssh_host_ed25519_key"
];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/oMAi5jyQsNohfhcSH2ItisTpBGB0WtYTVxJYKKqhj" # TODO
];
};
};
# swapDevices = [
# {
# device = "/dev/disk/by-id/nvme-eui.000000000000000100a075202c247839-part1";
# randomEncryption = true;
# }
# ];
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/149F-23AA";
fsType = "vfat";
options = [
"noauto"
"x-systemd.automount"
];
};
zramSwap.enable = true;
zramSwap.writebackDevice = "/dev/zvol/spool/nemesis/zswap";
fileSystems."/persistent/var/lib/postgres" = { # has things of https://wiki.archlinux.org/title/ZFS#Databases set
device = "spool/nemesis/postgres";
fsType = "zfs";
};
fileSystems."/persistent" = {
device = "spool/nemesis/persistent";
fsType = "zfs";
};
fileSystems."/var/log" = {
device = "spool/nemesis/varlog";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "spool/local/nix";
fsType = "zfs";
};
fileSystems."/data" = {
device = "rpool/content/safe/data";
fsType = "zfs";
};
fileSystems."/data/media" = {
device = "rpool/content/safe/data/media";
fsType = "zfs";
};
fileSystems."/backups" = {
device = "rpool/content/local/backups";
fsType = "zfs";
};
fileSystems."/oldds9/persistent" = {
device = "spool/safe/persist";
fsType = "zfs";
};
fileSystems."/oldds9/varlog" = {
device = "spool/local/journal";
fsType = "zfs";
};
}

34
instances/theseus/configuration.nix
View file

@ -12,35 +12,6 @@ let
'';
in
{
# containers.podmantest = {
# privateNetwork = true;
# enableTun = true;
# additionalCapabilities = [
# "CAP_NET_ADMIN"
# "CAP_MKNOD"
# "CAP_BPF"
# "CAP_DAC_READ_SEARCH"
# "CAP_SYS_RESOURCE"
# "CAP_SYS_ADMIN"
# ];
# hostAddress = "192.168.100.10";
# localAddress = "192.168.100.11";
# config =
# { ... }:
# {
# virtualisation.oci-containers.containers.test = {
# image = "docker.io/library/nginx";
# ports = [
# "80:80"
# "443:443"
# ];
# };
# };
# };
# networking.nat.enable = true;
# networking.nat.internalInterfaces = [ "ve-+" ];
# networking.nat.externalInterface = "enp195s0f4u1u3";
nixpkgs.system = "x86_64-linux";
imports = [ ./hardware-configuration.nix ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
@ -77,7 +48,7 @@ in
pandoc
tectonic
rquickshare
unstable.supersonic-wayland
supersonic-wayland
nheko
anki-bin
gimp3
@ -93,15 +64,14 @@ in
time.timeZone = "Europe/Berlin";
# orcaslicer
networking.firewall.allowedTCPPorts = [
1880
2021
4711
];
networking.firewall.allowedUDPPorts = [
1880
5353
2021
];

2
instances/theseus/hardware-configuration.nix
View file

@ -16,7 +16,7 @@
"${inputs.nixos-hardware}/framework/13-inch/7040-amd"
];
hardware.framework.laptop13.audioEnhancement.enable = true;
hardware.framework.laptop13.audioEnhancement.hideRawDevice = false;
# hardware.framework.laptop13.audioEnhancement.hideRawDevice = false;
services.fwupd.enable = true;
boot.initrd.availableKernelModules = [

32
modules/desktop/audio.nix
View file

@ -229,39 +229,9 @@ in
];
};
};
configPackages = [
(pkgs.writeTextDir "share/pipewire/pipewire.conf.d/snapcast-discover.conf" ''
context.modules = [
{
name = libpipewire-module-snapcast-discover
args = {
snapcast.discover-local = true
stream.rules = [
{
matches = [
{
snapcast.ip = "~.*"
}
]
actions = {
create-stream = {
# node.name = "Snapcast"
# snapcast.stream-name = "default"
}
}
}
]
}
}
]
'')
];
wireplumber.extraConfig."98-bluetooth"."wireplumber.settings"."bluetooth.autoswitch-to-headset-profile" =
false;
wireplumber.configPackages = mapAttrsToList (n: v: eqPkg v) cfg.eq ++ [
];
wireplumber.configPackages = mapAttrsToList (n: v: eqPkg v) cfg.eq;
};
};

27
modules/desktop/fcitx5.nix Normal file
View file

@ -0,0 +1,27 @@
{
pkgs,
config,
lib,
...
}:
let
cfg = config.xyno.desktop.fcitx5;
in
{
options.xyno.desktop.fcitx5.enable = lib.mkEnableOption "enable fcitx5 input daemon thing";
config = lib.mkIf cfg.enable {
i18n.inputMethod = {
type = "fcitx5";
enable = true;
fcitx5.addons = with pkgs; [
fcitx5-table-other
];
fcitx5.waylandFrontend = true;
fcitx5.quickPhrase = {
":pleading:" = "🥺";
":pointing_right:" = "👉";
":pointing_left:" = "👈";
};
};
};
}

81
modules/desktop/ibus.nix
View file

@ -1,81 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
let
cfg = config.xyno.desktop.ibus;
in
{
options.xyno.desktop.ibus.enable = mkEnableOption "enable ibus input daemon thing";
options.xyno.desktop.ibus.wantedBy = mkOption {
type = types.str;
default = "niri.service";
};
config = mkIf cfg.enable {
services.libinput.enable = true;
# just... enable ibus as input method and maybe now we have consistent unicode input everywhere
# fuck qt tbh
i18n.inputMethod = {
enable = true;
package = pkgs.ibus-patched;
# ibus.engines = with pkgs.ibus-engines; [ uniemoji ];
};
# home-manager.sharedModules = [
# (
# { lib, ... }:
# {
# dconf.settings = {
# "org/gnome/desktop/input-sources" = {
# sources = [
# (lib.hm.gvariant.mkTuple [
# "xkb"
# "us"
# ])
# (lib.hm.gvariant.mkTuple [
# "ibus"
# "libpinyin"
# ])
# (lib.hm.gvariant.mkTuple [
# "ibus"
# "mozc-jp"
# ])
# ];
# };
# };
# }
# )
# ];
systemd.user.services."org.freedesktop.IBus.session.generic".wantedBy = [ cfg.wantedBy ];
systemd.packages = [ pkgs.ibus-patched ];
# systemd.user.services.ibus =
# let
# ibusPackage = config.i18n.inputMethod.package;
# in
# assert hasPrefix "ibus-with-plugins" ibusPackage.name;
# {
# # panel is weird...
# # default is ${ibusPackage}/libexec/ibus-ui-gtk3 which works but sends a notification that it's misconfigured
# # wayland support can be enabled with --enable-wayland-im but that segfaults (possible due to zwp_input_method_v1 not being available?)
# script = ''
# exec ${ibusPackage}/bin/ibus-daemon --xim --replace --panel '${ibusPackage}/libexec/ibus-ui-gtk3'
# '';
# serviceConfig = {
# Type = "dbus";
# BusName = "org.freedesktop.IBus";
# Restart = "on-abnormal";
# };
# unitConfig = {
# CollectMode = "inactive-or-failed";
# };
# # yeah we hardcoding this now, fuck it
# wantedBy = [ cfg.wantedBy ];
# partOf = [ "graphical-session.target" ];
# };
};
}

21
modules/desktop/niri.nix
View file

@ -14,8 +14,6 @@ let
"KeePassXC"
"org.gnome.NautilusPreviewer"
"io.github.Qalculate.qalculate-qt"
"ibus-ui-emojier"
"ibus-ui-gtk3"
];
matchFloat = concatStringsSep "\n" (
map (x: ''
@ -54,8 +52,7 @@ in
value = 1;
}
];
home-manager.sharedModules = [
(
home-manager.users.${config.xyno.system.user.name} = mkIf config.xyno.presets.home-manager.enable (
{ ... }:
{
xyno.dark-theme.enable = true;
@ -68,8 +65,7 @@ in
# save_mode = suggested
# '';
}
)
];
);
xdg.portal = {
extraPortals = [
@ -92,16 +88,7 @@ in
environment.systemPackages = with pkgs; [
playerctl
xwayland-satellite
nirius
];
systemd.user.services.niriusd = {
unitConfig.PartOf = "graphical-session.target";
unitConfig.After = "graphical-session.target";
unitConfig.Requisite = "graphical-session.target";
serviceConfig.Restart = "on-failure";
wantedBy = [ "niri.service" ];
script = "exec ${pkgs.nirius}/bin/niriusd";
};
programs.niri.enable = true;
environment.etc."niri/config.kdl".mode = "444"; # copy file so niri detects changes
environment.etc."niri/config.kdl".text = ''
@ -118,15 +105,11 @@ in
Mod+T { spawn "${cfg.term}" "tmux" "new-session" "-t" "main"; }
Mod+Shift+T { spawn "${cfg.term}"; }
Mod+Y { spawn "${cfg.term}" "--app-id" "floating-alacritty" "-W" "120x37" "yazi"; }
Mod+Shift+M { spawn "sh" "-c" "notify-send -t 3000 -a umpv umpv-paste $(wl-paste); umpv $(wl-paste)"; }
Mod+P { spawn "keepassxc"; }
Mod+S { spawn "qalculate-qt"; }
Mod+Shift+N { spawn "makoctl" "dismiss" "-a"; }
Mod+N { spawn "makoctl" "dismiss"; }
Mod+E { spawn "makoctl" "menu" "fuzzel -d"; }
Mod+G { spawn "nirius" "toggle-follow-mode"; }
Mod+Shift+bracketleft { spawn "nirius" "scratchpad-show"; }
Mod+Shift+bracketright { spawn "nirius" "scratchpad-toggle"; }
XF86AudioRaiseVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.03+"; }
XF86AudioLowerVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.03-"; }
XF86AudioMute allow-when-locked=true { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle"; }

3
modules/desktop/waybar/cal.nix
View file

@ -24,14 +24,13 @@ let
UNTIL="1d"
EVENT="$(
(khal list "$SINCE" "$UNTIL" \
khal list "$SINCE" "$UNTIL" \
--day-format 'SKIPME' \
--format "{start-end-time-style} {title:.31}{repeat-symbol}" |
grep -v SKIPME | # filter out headers
grep -v -P '| |' | # filter out continuing all day events
grep -v '^ ' | # exclude full-day events
head -n 1 # show just the first
) || echo ""
)"
if [ -z "$EVENT" ]; then

11
modules/module-list.nix
View file

@ -5,9 +5,9 @@
./desktop/audio.nix
./desktop/common-programs.nix
./desktop/easyeffects.nix
./desktop/fcitx5.nix
./desktop/foot.nix
./desktop/fuzzel.nix
./desktop/ibus.nix
./desktop/mako.nix
./desktop/niri.nix
./desktop/shikane.nix
@ -21,18 +21,17 @@
./presets/common.nix
./presets/development.nix
./presets/gui.nix
./presets/home-manager.nix
./presets/server.nix
# ./services/authentik
# ./services/caddy
./services/traefik.nix
./presets/home-manager.nix
./services/authentik
./services/caddy
./services/monitoring.nix
./services/wireguard.nix
./system/impermanence.nix
./system/meta.nix
./system/user.nix
./to-upstream/fido2-hid-bridge.nix
./user-services/khal.nix
./user-services/syncthing.nix
./to-upstream/fido2-hid-bridge.nix
]

13
modules/presets/cli.nix
View file

@ -1,6 +1,5 @@
{
config,
inputs,
lib,
pkgs,
...
@ -45,11 +44,6 @@ in
LC_COLLATE = "de_DE.UTF-8";
};
nix.channel.enable = false;
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"nixpkgs-master=${inputs.nixpkgs-master}"
];
nix.settings = {
substituters = [
# "https://cache.lix.systems"
@ -61,7 +55,6 @@ in
# "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
# "helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
];
trusted-users = lib.mkDefault [
"root"
"@wheel"
@ -137,7 +130,7 @@ in
imagemagick
jq
lm_sensors
moor
moar
neofetch
nix-output-monitor
poppler
@ -152,7 +145,7 @@ in
programs.mosh.enable = true;
environment.variables.EDITOR = "hx";
environment.variables.VISUAL = "hx";
environment.variables.PAGER = "moor";
environment.variables.PAGER = "moar";
environment.shellAliases = {
l = "ls -alh";
@ -168,7 +161,7 @@ in
p = "cd ~/proj";
ytl = ''yt-dlp -f "bv*+mergeall[vcodec=none]" --audio-multistreams'';
sudo = "run0";
less = "moor";
less = "moar";
};
};
}

93
modules/presets/gui.nix
View file

@ -1,7 +1,6 @@
{
pkgs,
config,
inputs,
lib,
...
}:
@ -22,7 +21,6 @@ in
pkgs.yubikey-personalization
];
xyno.desktop.niri.enable = true;
xyno.desktop.ibus.enable = true;
xyno.desktop.audio.enable = mkDefault true;
xyno.user-services.khal.enable = true;
boot.kernelPackages = mkDefault pkgs.linuxPackages_zen;
@ -42,60 +40,9 @@ in
qt = {
enable = true;
platformTheme = "qt5ct";
style = "breeze";
# platformTheme = "gnome";
};
home-manager.sharedModules =
let
gruvboxDarkColors = pkgs.writeText "gruvbox-dark.conf" ''
[ColorScheme]
active_colors=#ffebdbb2, #ff1d2021, #ffbdae93, #ffa89984, #ff3c3836, #ff504945, #ffebdbb2, #ffebdbb2, #ffebdbb2, #ff282828, #ff1d2021, #ff504945, #ff458588, #ff282828, #ff458588, #ffcc241d, #ff282828, #ffebdbb2, #ff1d2021, #ffebdbb2, #ffbdae93
disabled_colors=#ffbdae93, #ff1d2021, #ffbdae93, #ffa89984, #ff3c3836, #ff504945, #ffbdae93, #ffbdae93, #ffbdae93, #ff282828, #ff1d2021, #ff504945, #ff438184, #ff3c3836, #ff458588, #ffcc241d, #ff282828, #ffebdbb2, #ff1d2021, #ffebdbb2, #ffbdae93
inactive_colors=#ffebdbb2, #ff1d2021, #ffbdae93, #ffa89984, #ff3c3836, #ff504945, #ffebdbb2, #ffebdbb2, #ffebdbb2, #ff282828, #ff1d2021, #ff504945, #ff438184, #ffa89984, #ff458588, #ffcc241d, #ff282828, #ffebdbb2, #ff1d2021, #ffebdbb2, #ffbdae93
'';
qt5ctConf = pkgs.writeText "qt5ct.conf" ''
[Appearance]
color_scheme_path=${gruvboxDarkColors}
custom_palette=true
icon_theme=breeze-dark
standard_dialogs=xdgdesktopportal
style=Breeze
[Fonts]
fixed="Source Sans 3,12,-1,5,50,0,0,0,0,0"
general="Source Sans 3,12,-1,5,50,0,0,0,0,0"
'';
in
[
{
home.file.".config/qt5ct/qt5ct.conf".source = qt5ctConf;
home.file.".config/qt6ct/qt6ct.conf".source = qt5ctConf;
dconf = {
settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
gtk-theme = "adw-gtk3-dark";
};
};
};
gtk = {
enable = true;
iconTheme.name = "breeze-dark";
gtk4.extraConfig.gtk-application-prefer-dark-theme = 1;
gtk3.extraConfig.gtk-application-prefer-dark-theme = 1;
gtk3.theme.package = pkgs.adw-gtk3;
gtk3.theme.name = "adw-gtk3-dark";
gtk3.extraCss = ''
@import url("${inputs.adw-colors}/themes/adw-gruvbox/gtk3-dark.css");
'';
gtk4.extraCss = ''
@import url("${inputs.adw-colors}/themes/adw-gruvbox/gtk4-dark.css");
'';
};
}
];
programs.yazi = {
settings.keymap.mgr.prepend_keymap = [
@ -123,34 +70,11 @@ in
# enable the gnome shit
services.gnome.gnome-keyring.enable = true;
services.gnome.gnome-online-accounts.enable = true;
environment.systemPackages = with pkgs; [
gnome-calendar
gnome-clocks
gnome-font-viewer
mate.engrampa
papirus-folders
kdePackages.gwenview
kdePackages.skanlite
kdePackages.okular
kdePackages.breeze-gtk
kdePackages.breeze.qt5
kdePackages.breeze
kdePackages.breeze-icons
nautilus # for xdg portal
];
services.gnome.core-apps.enable = true;
services.gnome.gcr-ssh-agent.enable = mkForce false;
# services.gnome.sushi.enable = true;
services.gnome.sushi.enable = true;
services.gnome.gnome-settings-daemon.enable = true;
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
};
services.tumbler.enable = true; # thunar image preview
services.gvfs.enable = true; # thunar network device mount
services.gvfs.enable = true;
xdg.terminal-exec = {
enable = true;
@ -186,6 +110,13 @@ in
# };
};
environment.systemPackages = with pkgs; [
kdePackages.breeze-gtk
kdePackages.breeze.qt5
kdePackages.breeze
kdePackages.breeze-icons
];
# fonts
fonts.fontconfig.defaultFonts = {
sansSerif = [

105
modules/services/caddy/default.nix
View file

@ -7,10 +7,30 @@
with lib;
let
cfg = config.xyno.services.caddy;
schema = import ./json-schema.nix {
inherit pkgs lib;
schema = builtins.fromJSON (builtins.readFile ./caddy_schema.json);
wildcardMatcherStr = wildcard: hostName: content: ''
@${hostName} host ${hostName}.${wildcard}
handle @${hostName} {
${content.extraConfig}
}
'';
genOneWildcard = wildcard: host: {
extraConfig = ''
# extra pre
${host.extraConfigPre}
# block bots
${optionalString host.blockBots "import blockBots"}
# hosts handler
${concatStrings (mapAttrsToList (n: v: wildcardMatcherStr wildcard n v) host.hosts)}
# extra post
${host.extraConfigPost}
abort
'';
};
genVHostsFromWildcard = mapAttrs' (
n: v: nameValuePair "*.${n}" (genOneWildcard n v)
) cfg.wildcardHosts;
schema = import ./json-schema.nix { inherit pkgs lib; schema = builtins.fromJSON (builtins.readFile ./caddy_schema.json); };
in
{
options.xyno.services.caddy.enable = mkEnableOption "enables caddy with the desec plugin";
@ -18,38 +38,75 @@ in
default = {};
type = schema.type;
};
options.xyno.services.caddy.wildcardHosts = mkOption {
example = {
"hailsatan.eu" = {
blockBots = true;
hosts.md.extraConfig = ''reverse_proxy ...'';
};
};
default = { };
type =
with types;
attrsOf (submodule {
options = {
blockBots = mkOption {
type = bool;
default = false;
};
extraConfigPre = mkOption {
type = str;
default = "";
};
extraConfigPost = mkOption {
type = str;
default = "";
};
hosts = mkOption {
default = {};
type = attrsOf (submodule {
options = {
extraConfig = mkOption { type = lines; };
};
});
};
};
});
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedUDPPorts = [ 443 ];
xyno.services.caddy.config = {
apps = {
http.metrics.per_host = true;
tls.automation.policies = [
{
issuers = [
{
ca = "https://acme-v02.api.letsencrypt.org/directory";
challenges.dns.provider = {
name = "desec";
token.path = ""; # TODO
};
}
];
module = "acme";
}
];
};
};
services.caddy = {
enable = true;
package = pkgs.caddy-desec;
adapter = "json";
configFile = json.generate "caddy-config.json" cfg.config;
# virtualHosts = genVHostsFromWildcard;
# email = mkDefault "ssl@xyno.systems";
# acmeCA = mkDefault "https://acme-v02.api.letsencrypt.org/directory";
# globalConfig = ''
# metrics {
# per_host
# }
# '';
# extraConfig = ''
# (blockBots) {
# @botForbidden header_regexp User-Agent "(?i)AdsBot-Google|Amazonbot|anthropic-ai|Applebot|Applebot-Extended|AwarioRssBot|AwarioSmartBot|Bytespider|CCBot|ChatGPT|ChatGPT-User|Claude-Web|ClaudeBot|cohere-ai|DataForSeoBot|Diffbot|FacebookBot|Google-Extended|GPTBot|ImagesiftBot|magpie-crawler|omgili|Omgilibot|peer39_crawler|PerplexityBot|YouBot"
# handle @botForbidden {
# redir https://hil-speed.hetzner.com/10GB.bin
# }
# handle /robots.txt {
# respond <<TXT
# User-Agent: *
# Disallow: /
# TXT 200
# }
# }
# '';
};
xyno.services.monitoring.exporters.caddy = 2019;

8
modules/services/caddy/json-schema.nix
View file

@ -36,11 +36,6 @@ let
in
result;
deref = x: if x ? "$ref" then getRef x."$ref" else x;
fileSubmod = types.submodule {
options.path = mkOption {
type = types.pathWith { inStore = false; absolute = true; };
};
};
buildOptionType =
{
spec,
@ -48,8 +43,7 @@ let
...
}:
let
strType = if spec ? enum then types.enum spec.enum else (types.either types.str fileSubmod);
strType = if spec ? enum then types.enum spec.enum else types.str;
objType = types.submodule {
freeformType = json.type;
options = submoduleOptions { inherit spec depth; };

10
modules/services/monitoring.nix
View file

@ -9,11 +9,7 @@ with lib;
let
cfg = config.xyno.services.monitoring;
firstInstanceWithPromServer =
if cfg.prometheusServer then
config.networking.hostName
else
(builtins.head (
firstInstanceWithPromServer = if cfg.prometheusServer then config.networking.hostName else (builtins.head (
attrValues (filterAttrs (n: v: v.config.xyno.services.monitoring.prometheusServer) (otherNodes))
)).config.networking.hostName;
vmBasicAuthUsername = "xyno-monitoring";
@ -88,9 +84,7 @@ in
];
};
services.grafana.declarativePlugins = with pkgs.grafanaPlugins; [
victoriametrics-metrics-datasource
];
services.grafana.declarativePlugins = with pkgs.grafanaPlugins; [ victoriametrics-metrics-datasource ];
})
];

178
modules/services/traefik.nix
View file

@ -1,178 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
cfg = config.xyno.services.traefik;
simpleProxyOpts = lib.mapAttrsToList (
n: v:
let
router = "simpleproxy-${n}-router";
service = "simpleproxy-${n}-service";
spl = lib.splitString "." v.host;
certDomain =
if (builtins.length spl) > 2 then lib.concatStringsSep "." (builtins.tail spl) else spl;
in
{
routers."${router}-robotstxt" = {
service = "robotstxt";
rule = "Host(`${v.host}`) && Path(`/robots.txt`)";
tls.domains = [
{
main = certDomain;
sans = [ "*.${certDomain}" ];
}
];
};
routers.${router} = {
inherit service;
rule = "Host(`${v.host}`)";
tls.domains = [
{
main = certDomain;
sans = [ "*.${certDomain}" ];
}
];
};
services.${service} = {
loadBalancer.servers = [
{ url = v.internal; }
];
};
services.robotstxt = {
loadBalancer.servers = [
{ url = "http://127.0.0.2"; }
];
};
}
) cfg.simpleProxy;
in
{
options.xyno.services.traefik.enable = lib.mkEnableOption "enables traefik";
options.xyno.services.traefik.noBots = lib.mkOption {
type = lib.types.bool;
default = true;
};
options.xyno.services.traefik.simpleProxy = lib.mkOption {
example = {
"example" = {
host = "example.org";
middlewares = [ "meow" ];
internal = "http://127.0.0.1:8080";
};
};
default = { };
type = lib.types.attrsOf (
lib.types.submodule {
options = {
middlewares = lib.mkOption {
type = lib.types.nullOr (lib.types.listOf lib.types.str);
};
internal = lib.mkOption {
type = lib.types.str;
};
host = lib.mkOption {
type = lib.types.str;
};
};
}
);
};
config = lib.mkIf cfg.enable {
services.nginx = {
enable = lib.mkIf cfg.noBots true;
defaultListenAddresses = lib.mkIf cfg.noBots [ "127.0.0.2" ];
virtualHosts.localhost.locations."/".root = pkgs.runCommand "nginx-robots" ''
mkdir $out
echo "User-Agent: *\nDisallow: /" > $out/robots.txt
'';
};
services.traefik = {
enable = true;
environmentFiles = [
config.sops.templates."traefik.env".path
];
staticConfigOptions = {
metrics = lib.mkIf config.xyno.services.monitoring.enable {
otlp.http.endpoint = "http://localhost:8429/v1/metrics";
};
entryponts.web = {
address = ":80";
redirections.entryPoint = {
to = "websecure";
scheme = "https";
permanent = true;
};
};
entryponts.websecure = {
address = ":443";
tls.certResolver = "letsencrypt";
http3 = { };
};
log.level = "INFO";
certificatesResolvers.letsencrypt.acme = {
email = "ssl@xyno.systems";
caServer = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "desec";
};
};
};
dynamicConfigOptions = {
http = lib.mkMerge simpleProxyOpts;
tls.options.default = {
# mozilla modern
minVersion = "VersionTLS13";
curvePreferences = [
"X25519"
"CurveP256"
"CurveP384"
];
};
tls.options.old = {
# mozilla intermediate
minVersion = "VersionTLS12";
curvePreferences = [
"X25519"
"CurveP256"
"CurveP384"
];
cipherSuites = [
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
];
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedUDPPorts = [ 443 ];
xyno.impermanence.directories = [ config.services.traefik.dataDir ];
sops.secrets."desec_token" = {
};
sops.templates."traefik.env".content = ''
DESEC_TOKEN=${config.sops.placeholder.desec_token}
DESEC_PROPAGATION_TIMEOUT=1200
'';
sops.templates."traefik.env".reloadUnits = [ "traefik.service" ];
# services.borgmatic.settings.traefikql_databases = [
# {
# name = "all"; # gets run as root anyways so can log in
# }
# ];
};
}

14
overlays/default.nix
View file

@ -27,16 +27,16 @@ inputs: self: super: {
fido2-hid-bridge = super.callPackage ../packages/fido2-hid-bridge.nix {};
python-uhid = super.callPackage ../packages/uhid.nix {};
caddy-desec = super.callPackage ../packages/caddy-desec.nix {};
ibus-patched = super.unstable.ibus.overrideAttrs (old: {
patches = old.patches ++ [
# (builtins.head old.patches)
# (builtins.head (builtins.tail old.patches))
# todo: remove on next supersonic release
supersonic-wayland = super.supersonic-wayland.overrideAttrs (old: {
patches = (if old?patches then old.patches else []) ++ [
(self.fetchpatch2 {
url = "https://github.com/ibus/ibus/commit/dde00b1b689037e70d79a703aa028f7c3de289e2.patch";
hash = "sha256-Q5XANWsN7f9Kcno8Icgn8wlXL489YlcrlUrqeA67nWU=";
url = "https://github.com/dweymouth/supersonic/commit/ee742cf34ef7225d345c16354d9c21d72a41bf4a.patch";
hash = "sha256-kSeEbzrfJ4Pe8JC4rIWlSmADOcjrCRBNWlcO8VfVnn4=";
})
];
vendorHash = "sha256-Sh3PxRwb6ElSeWzdvIQ+nD9VVGlpUDwxG7nAoGWPTRQ=";
});
}

7
secrets/common.yaml
View file

@ -1,6 +1,5 @@
victoriametrics:
basicAuthPassword: ENC[AES256_GCM,data:5QuhkQ344qDYzhGZBJimaX94C6oxgYBRZw4MSlycdgs6zRAudMIu/HF1gpjythQpait81jMpFhIn57w433s7QQ==,iv:gytJ63cBaJseCis7gEPmOX6LeddNloQsTjc1SnS56jo=,tag:Jn6TevGsBEeHxYmVHy896w==,type:str]
desec_token: ENC[AES256_GCM,data:3aqlfpAEMyOSNGdLXm4lc0VZajduPkTYkYd+WA==,iv:sktNkKWaD/hjsQpSJzAZeCvwYXfvkhQ2A44BKedCZRg=,tag:XbxIr09c60V0PMDitSOD/w==,type:str]
wg:
psk: ENC[AES256_GCM,data:Anpe6IxtzsqZyvas+ddV3yjJozdZgZOl2KG/Z4YtWUB5gAVLtxsQKc/WA/M=,iv:j/A5k2VXbdqUDXEd1WRfJYdb3DsUZ1B9gPHCpDpRjmw=,tag:KQGi1O5iP2+nQccgBzytSQ==,type:str]
msmtp:
@ -11,8 +10,8 @@ msmtp:
password: ENC[AES256_GCM,data:mAgsvDPzt8f/RB/2T8nrd+KUcuxUGIdCBDs5sFla5x0=,iv:qndiiKTuSpbf/gtNXPaZ6AnHHwzZ7IPJrDFriM7bKwE=,tag:5j+gjpaxIu03x1lBkRMLhQ==,type:str]
aliases: ENC[AES256_GCM,data:fOZRYZ8rVs3IXhiS+VaP54gF4bir66oIZvb7ZfKV,iv:bsmh1ZCwERZuHrvORP68hj5Gz7j3+K6ZW8BR3/IQVQg=,tag:jWozmXpjk3JHCINSgP4KGg==,type:str]
sops:
lastmodified: "2025-11-19T16:17:02Z"
mac: ENC[AES256_GCM,data:dt2iRLTxfPWpYlxsZnOQgtUAvU/MWoXp6eLOJgP/uWLe5ooeU5K868I7PQNVGEnqkJGZTiiENpY7mkmt0niKn2nw7nD5KzRPMvFZ0/JXrLkzCScBfJDlbcuTtKFVqlDkPpz7kgF+fQy1cg5KiDyc9bsJAi/9qHhQHF3wFbeG5rI=,iv:E6YtLKZdnqgVZKx/goxdvn41p+hfMpkSbc7FJ/3yXQA=,tag:6iW9vkEsEuXOhptGdDwpdw==,type:str]
lastmodified: "2025-09-06T16:50:17Z"
mac: ENC[AES256_GCM,data:QdWLok9IBqTaO3StKRiAXcMIZSV5YJQoYY+3cZZ7xARbmvn5cDqnapv3HIJju7v5V48tNG3aXy1nJHG4kKVuDIMd7s7PPjLL1k0dEsnTs4YwE8XugZX86nXuSUZeUuQNfnR9sFOKho/o/I9W5hCp0IcEgo+Bs1dD3IvYxuv6Nzk=,iv:IHEDtI6lo76qPgBvBETg/SiT/tfFivN8r8J7tt93IbQ=,tag:ifW8UVaf5r8Y9HUUtCkAQQ==,type:str]
pgp:
- created_at: "2025-09-06T16:37:33Z"
enc: |-
@ -64,4 +63,4 @@ sops:
-----END PGP MESSAGE-----
fp: b730b2bf54eb792a14bfd3e68c14c08894376c5f
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.10.2